[ci skip] Password management (#495)

Manage secrets through encrypted envrc file
symbiod · Sep 18, 2018 · 89d923c · 89d923c
1 parent f5f3bf4
commit 89d923c
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -19,3 +19,5 @@ yarn.lock
 config/settings.local.yml
 config/settings/*.local.yml
 config/environments/*.local.yml
+
+secrets/envrc
diff --git a/docs/getting_started.md b/docs/getting_started.md
@@ -1,5 +1,19 @@
 # Getting started
 
+## Before starting application
+
+To get access to the secret variables, such as Github credentials, Slack and others you need to decrypt a file located at `secrets/envrc.gpg`
+
+To to that we need to have your public GPG key in the repo.
+
+* generate GPG key with `gpg --gen-key`
+* export public key to the file `gpg --export --armor youremail@example.com > last_name.asc`
+* put the public key to the `secrets/pubkeys/last_name.asc`
+* commit changes, push and create a PR
+* when your PR is merged you'll be able to run `secrets/decrypt` to get the list of environment variables, required for project run
+
+For more information about GPG encryption read this [article](http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/).
+
 ## To run the application natively:
 
 * The [postgresql][postgresql] database must be installed

diff --git a/secrets/decrypt b/secrets/decrypt
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+gpg --decrypt secrets/envrc.gpg
diff --git a/secrets/encrypt b/secrets/encrypt
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+gpg --encrypt --recipient alex.duzh@gmail.com --recipient ejabberd@gmail.com envrc
diff --git a/secrets/envrc.gpg b/secrets/envrc.gpg
diff --git a/secrets/pubkeys/dyuzhikov.asc b/secrets/pubkeys/dyuzhikov.asc
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBFugElgBDADmT31TCzzuxLe+nV+rD8FubopPo7sfMKlKg773ZPxYaBF22pIF
+GqBF6VYz9OAFp/HqsZvdbSTPYasVg2oKA3LRLcesFlBPhNLCKq4FRsrVuEtXga98
+PbrDjCllZen8JwF76em6VYhaNokjIutRpFGBmMRjb/jwLIKJCmknUlLjbx07nHVE
+dfemNIC/M0qrGOd8vp+Sbcg18i+wfWTsDHEv09X356du3i6FaRKSuo0h4qRVMY3K
+BfURV/KhptAM8CUSnXBb8xtrlchI8mAjk75XXorv6xRDMwlCoxKjG8mq4MDPzb2g
+jrnQWlCXk7+hNsGr/Q/l4k7kTTv1wHIdS2aZi16OomHBMg8QaXFQ0tc9ekCgltzz
+NRpIDOYqS0pclHN+Jg1ZhGpDfB6914pOHHNRsqUvBExof0pYtoykw1JNxWZ0JXa4
+/gM08FgqIxWNRMfq//3RuEUpcm140hYFYzruof20JMmt/8FreElxNu3fgmmaMuXC
+V025BXxtVo02kn8AEQEAAbQfQWxla3NhbmRyIDxhbGV4LmR1emhAZ21haWwuY29t
+PokB1AQTAQoAPhYhBATKkiLiCg2nNrkee83/fUOiPlinBQJboBJYAhsDBQkDwmcA
+BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEM3/fUOiPlin/TIMAIvC+xlMlRyE
+ZBfjJVakjD+85bxZ7Q61M2ac6ioYy+bK+IRXMawSpcPIS8d6WtCfQpBhSmIbNdNk
+y2IYgU2Kr2PkCWA7JJJFRZEJHU6x8+zPPrnpqCo4KcG6ulPE/7WOmSBnIXllq732
+4KBuQwJTvq5WoVbj8NeEC1dKvnhE4ryRgC0BuZJU5eUcBlN5+nZMmoPie6OYE2xv
+2ZQOM1oSdN4ouRluvyRI3EMMVi6yGybb7cqhJfzZ+APT1oR2o0fQWfMbnBoi5/TG
+QqwUeSe2ZwbZQVUJeXGEfjaIh6NaErCdiDu6GQ4ul53jubqLRREFoV20x5zHIVOi
+jnH14YvCb86mVBE8dJh6Gr6OWNlh1SBqynogP83BNO4c57GR2xKW8aQRN3Vmt/Ya
+drbDe06Oiiav2et9iCIizSjdIH3Mzouxs9JwEgTyRdfndunTrfdBln+OuULzTN03
+Y6q+EPT5ObUMWowl5MQCuFa2LWaVHtWfK6gGYDvpEcgHXmDANWkQ9LkBjQRboBJY
+AQwAwqFewOllClZ/GyOztxySKiLudX7UL+GDt57or3KrXVgmHZjrUIiGHQyf5Ub+
+mRmScOalATkpg3tH0QsAiv+hdzyhBa8xnTbOsHy6wQh/Bc2yqp4e7p0O+azPgvXN
+RK4dT2XBJWkHMRUiyXFxAVu88Rf3ySYyEKm1jPnT1YNByFrlmEQrX00htgTGIdsb
+s0NAO+V7kutZojukQY3pxQdVVg34++QUV9heZO0t1ReXMY7pm2QPnzPNdSjzTI6o
+k0pY6i22Es0xHo+vrvaMKDLmvq8ongEKUIV8r7iEydZkaf58nInnQCq9qAT2MeNF
+JZDwx6eOg28GNnNE5oHeBDC9ZwYuksQZa5QVXz268FggFAPcloXv0C9ZYmfEX02P
+t7BzTNQuo7NOBIObT0MH9nSesZZzUpz5DABc2rtnPHq2IGuAXe2FSdd1vessRtuV
+z6N2zySPPcCaZMTeC7LYpoTSMBWaZvvAqk0t/k1xiXOglbCoj9oMi3fUPBmOADto
+a+idABEBAAGJAbwEGAEKACYWIQQEypIi4goNpza5HnvN/31Doj5YpwUCW6ASWAIb
+DAUJA8JnAAAKCRDN/31Doj5Yp4dOC/9aT//Zn84ZyIMxk/Uj84QmvLnnzCZvRYE4
+PkctBSfYFkq7t1u/DAcTqpGvAWW3+Z0cWMXZdTK4Sx+CWV9gqmZCwHBEatcFPADN
+nTrG7SCO9Us5DuTsC33GU5bfOBZ6KVmQySNVUXnQyvE+D+B4z6/up3N7OTkj87Sk
+Ih7GFlgRGpi4Zy4qcUpy/brh7GjDSVPueIR/1BXKe6nKo9hENNdY7OaoNmAAkOn2
+LKE+rjK+cXFZjiThIqZQeNXA8QR25F5LJygW5f3EAyB7qcMys0FGGSHKmYnaZYEN
+7Nr6kzFTf/YpcJrJ+0YYVBvLwLsh5esGEnSaWsC3f8kxMJqTDA4v2u7ZdHfsu9HO
+GhjyXlId61jO9c4n2j8390l1DbkE7MJYMtOzpYOxB417syYM6JDmExVKGcpC676y
+yStpZ4UllmuK4IjG2XOIhFgKOXkAPt2/52oFSU/SOxddy2tTsX5yYgnm0FYSOS/c
+5U1Bt4MVzCBY/PiQX8eLyvyp6bKmwsk=
+=L5p7
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/secrets/pubkeys/mekhonoshin.asc b/secrets/pubkeys/mekhonoshin.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFugD8ABCACxVA8WexG+I+CsCOT4QQH4z/shF5GUR3ClI1JG5GWhQ8SaDphn
+3fF/Qx6B5aQ44cPi1UDo9vJynkBiJHVi6lUMjxpcBfKzE8cKygsEkLoLEZutHA5C
+Fz24J6Oz/GgykZ+Rm5YkqvxFOHUWPyasgCPfhMZp2xIdlokPl8Pi2RutDRAMHrFk
+hGiXdeffGtgYozkGrhyBniWmgiyqGAQBjHV+h3F6S+poNoGhIjGR+BBJ/cDTWCO+
+JoWXseIqoyTen45KTSQUtQj9NifzKES54YjyadTrNPYjgIebREaBHrcou6/BgpzG
+WdrtouYXpeQWQDWVJ8vsE2FZf5Weg3duMMD7ABEBAAG0KlN0YW5pc2xhdiBNZWto
+b25vc2hpbiA8ZWphYmJlcmRAZ21haWwuY29tPokBVAQTAQgAPhYhBFKGJHav0d1z
+5EXCnNySVsqcpci0BQJboA/AAhsDBQkDwmcABQsJCAcCBhUICQoLAgQWAgMBAh4B
+AheAAAoJENySVsqcpci0XfIIAJtdC1e8vCjCNugwdv3164hEJ0GVNUjONkUseo4F
+IqTQdlbSFDiPi2ZXHzpNTKeyhQyKNS32CrWh6Td+tLgqEu+NUOcD9wj+Y3PDLstm
+sY+bXiNH6lfFmEkVisYrHTz78frXqzsM6K11+D0L79COJKhfxts8mHh2rrNWb1AY
+/RHCFUZGlkdS6lad04R2wy2xQVkRepTZRyevj9WiLkACfgCKFiS7HfZnU9jRljB1
+rJkfXW0s5oKILi5XvW7OqyhMSxMCAcRQqpBST34O7vRuP1mVb0ljJFIXGVtMsub3
+jFiK+WrSJCu8ChYuqYUG4wfo/x+um7ltiQiXII/petyfnuu5AQ0EW6APwAEIALxT
+x6cm70OwPrF6QARBk+4cH2g2i06wFzT84xvdOCFbAw26bKgebI9eOhxkWEJ8FbW9
+oieN5cbD+VR/aw+tUTQezmLY2NBIoch0zPlPR9rk0DxhX/XPp5bNq73d/yvtV9TF
+4f5s5iZa5lalopV83MqoWF12KSaF5Sq6gwVPCyzaQpdjPbFcAxCBkWQO2OGbcvAd
+4koy0spwgYaMQeaZQQFzaCQ5mJOqwV6Us3icWydyfkSa/QK4w1qCNCx5TvENx7hz
+ng8Px7n97OCZGoq5ZIa2Fy+86GRieRV6UmgesTroeCJZMJvhNvO3LGM/DVIgcSWF
+vPF4iCUI83q0Hz4M28sAEQEAAYkBPAQYAQgAJhYhBFKGJHav0d1z5EXCnNySVsqc
+pci0BQJboA/AAhsMBQkDwmcAAAoJENySVsqcpci0TZkH/R4p4cw3gE47Y36PUS9L
+ubmjxyAPAGGIlKAh5KC02ZgKfq+NMMsCVUvCuf4RjLiyuZDGlY6ahs75MtZTXhPK
+Rm8Fv+fZcxwgtD3td/szW1FWGnGGJ8yjMLvLY/r5Bo94rLY1dVaVSW6olSPWd9XU
+1Y9CQwt146kapYJrT17EMvMetUxD9Zy1tG+dX4WsY1+H8cuDH/jh5k31zc4EYIoa
+3SwI1QTiSI7MjIoIoWnDi9RRM+9CQ6ct3GQgWxlnSAj1Iw4XREIE52Pvl7vNVNek
+EctaFQPFTygo9u5UzxCX5MeoTX6fpjuQvPHuntJw9YJBM+FMlhur09wGalWcZqR0
+cKY=
+=JIdi
+-----END PGP PUBLIC KEY BLOCK-----