Why should the match certificate repository be private and not public, if the contents are encrypted anyway? #13733
If we suggest that the user inputs a unique, cryptographically secure password, typically generated by and saved in a password manager (e.g. 1Password), surely that is enough in terms of security. We could even suggest a minimum number of chars for reaching high entropy (in 1Password we can use up to 64 chars)?
If the only thing to protect is the content of the certificates, then I agree. But maybe the author had other information in mind when giving these instructions?
I guess I'm going to ask a useless question first off... if it's encrypted and nobody can do anything with it, why should it be public? 😉 But my real answer is... private isn't necessarily "required" but it is the more secure approach.
So TL;DR - private repo not required but there isn't much benefit that a public repo offers besides less sys admin type work of inviting someone to a team with the private repo 😊
Let me answer this with a hopefully useful answer before I read the rest of your reply:
@janpio I covered that in the TL;DR (last line) of my reply 😉
To your 3 other arguments: Ok, got it:
Makes sense.
Bitrise does not support SSH key for public apps in Bitrise (it's cool, they offer free build time for open source projects), but even though my app is open source on GitHub, the match git repo is private. Right now I've solved it by generating a personal access token for my user in GitHub and setting the This works, not sure if there is any security implication I am missing. Do you think it would be better if I were to just change the git repo for my match certificates to be public? At least that way I would not risk someone picking up my personal access token somehow...?
@Sajjon Make sure the Also think about the possible side effects of having a personal access token leak - does it offer write access? Does it offer access to only this repo or many of this user?
@janpio Bitrise obfuscates the sensitive variables from the logs if they are set up to be private, so in the log the match summary looks like this:
The personal access token is read-only. But yeah it might still be better to make the match git repo public and use a long, unique, generated, cryptographically secure password for the encryption of the certs.
Ok, great feature of Bitrise. I personally would keep the PAT if I can make sure it doesn't open any new doors (read-only to only that repo) even if it leaks somehow then.
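Whether a match repo can safely be public, as discussed above, rests on every file in it actually being encrypted. The following script is an added example, not code from this thread or from fastlane: it audits a match-style checkout before it is made public, assuming (as match does by default) that each certificate and profile was encrypted with OpenSSL `enc`, whose salted output starts with the magic bytes `Salted__` (or `U2FsdGVkX1` once base64-encoded), and it flags anything else apart from an allowlisted `README.md`. The sample repository it builds is constructed, including the path names.

```python
"""Audit a match-style repository before making it public (added example).
Assumption (not stated in the issue): match encrypts each file with
`openssl enc`; salted output starts with b"Salted__" (raw) or "U2FsdGVkX1" (base64).
"""
import base64
import os
import tempfile
from pathlib import Path

RAW_MAGIC = b"Salted__"
B64_MAGIC = base64.b64encode(RAW_MAGIC)[:10]  # b"U2FsdGVkX1", stable prefix
ALLOWLIST = {"README.md"}  # match writes its README in clear text

def looks_encrypted(head: bytes) -> bool:
    """True if the first bytes carry the OpenSSL salted-encryption header."""
    return head.startswith(RAW_MAGIC) or head.startswith(B64_MAGIC)

def audit_repo(root: Path) -> list:
    """Return repo-relative paths of files that are neither allowlisted nor encrypted."""
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts or path.name in ALLOWLIST:
            continue
        with path.open("rb") as fh:
            head = fh.read(len(B64_MAGIC))
        if not looks_encrypted(head):
            findings.append(rel.as_posix())
    return findings

def build_sample_repo(root: Path) -> None:
    """Constructed sample: two encrypted blobs, the README, and one plaintext key."""
    (root / "certs" / "distribution").mkdir(parents=True)
    (root / "profiles" / "appstore").mkdir(parents=True)
    (root / "README.md").write_text("# match repo\n")
    (root / "certs" / "distribution" / "ABC123.cer").write_bytes(RAW_MAGIC + os.urandom(40))
    profile = root / "profiles" / "appstore" / "AppStore_com.example.app.mobileprovision"
    profile.write_bytes(base64.b64encode(RAW_MAGIC + os.urandom(40)))
    # A .p12 committed before encryption was set up: DER bytes, no OpenSSL header.
    (root / "certs" / "distribution" / "ABC123.p12").write_bytes(b"\x30\x82\x0a\x00" + os.urandom(40))

def audit_sample_repo() -> list:
    """Build the constructed sample in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(Path(tmp))
        return audit_repo(Path(tmp))

if __name__ == "__main__":
    for rel in audit_sample_repo():
        print(f"NOT ENCRYPTED: {rel}")  # prints certs/distribution/ABC123.p12
```

Run it against a real checkout with `audit_repo(Path("/path/to/match-repo"))`; an empty result means nothing outside the allowlist lacks the encryption header.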
Generated README in the match repo after init says:
same in the instructions in the documentation:
But at the same time:
Why should the match repo be private, if the contents are encrypted anyway?
What sensitive information can be gathered from looking at the encrypted files?
Is it just an additional layer of security?