Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/build: build infrastructure secrets should be stored in a single secure location. #37171

Open
cagedmantis opened this issue Feb 11, 2020 · 3 comments
Assignees
Labels
Milestone

Comments

@cagedmantis
Copy link
Contributor

@cagedmantis cagedmantis commented Feb 11, 2020

Secrets required by services in the build repository do not currently have a canonical storage location. The secrets should also be encrypted and stored in a secure location which has a clear audit log of access and changes made to the secrets. We should explore the possible options for secrets management.

@toothrot @dmitshur @FiloSottile

@gopherbot gopherbot added this to the Unreleased milestone Feb 11, 2020
@gopherbot gopherbot added the Builders label Feb 11, 2020
@cagedmantis cagedmantis self-assigned this Feb 11, 2020
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Feb 11, 2020

Change https://golang.org/cl/217340 mentions this issue: internal/secret: add secret management package

gopherbot pushed a commit to golang/build that referenced this issue Feb 13, 2020
This change adds a package which can be used to retrieve secrets from
GCP Secret Management Service. The goal of this package is to ensure
that there is a simple and known way to retrieve secrets for any
service housed in the build repository. This package should enable the
storage of the project secrets in a single, secure location.

A simple use of the package is introduced to the scaleway application.

Updates golang/go#37171

Change-Id: I957afc2a8b8cede2c2eaa132513fad3fb3691867
Reviewed-on: https://go-review.googlesource.com/c/build/+/217340
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Feb 18, 2020

Change https://golang.org/cl/219879 mentions this issue: cmd/gitmirror: migrate secrets to secret manager

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Feb 18, 2020

Change https://golang.org/cl/219939 mentions this issue: cmd/gopherbot: migrate secrets to secret manager

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.