Add recipe for branch-based secrets management #72

Merged
merged 6 commits into from
Nov 13, 2019

Contributor

@c-w c-w commented Oct 28, 2019

This pull request adds a section about branch-based secrets management to the engineering playbook. The section is based on findings from a customer project and answers questions such as:

  • Why do we need branch-based secrets management?
  • How can we implement branch-based secrets management?

The section is included as part of the continuous deployment heading since it already has some prior content around secrets management.

@fnocera
Contributor

fnocera commented Oct 29, 2019

This is great!

@fnocera
Contributor

fnocera commented Oct 29, 2019

@SaraSp @cloudbeatsch flagging for review, thanks!

Contributor

@cloudbeatsch cloudbeatsch left a comment

lgtm

@charleszipp
Member

I would invite @kevinhartman to take a look at the secrets part with node. We recently opened a story in our current project because in ACI, env vars are visible in the portal (that's how I understood what @kevinhartman and narmatha are reporting). So is the env the best place to put secrets? Is there a different place for node containers that we should place secrets?

@fnocera
Contributor

fnocera commented Oct 31, 2019

@charleszipp I will message @kevinhartman to add a recipe for node secrets!

@c-w
Contributor Author

c-w commented Oct 31, 2019

@charleszipp The recommendation for using dotenv in Node came from @tobecodex so perhaps he can add more context.

Personally, I like the way the section on Enhanced-Security Applications puts it: using environment variables is fine for most applications unless you have specific additional security requirements (in which case you'd likely have a security review, pentesting, etc. all set up which will inform the best enhanced security strategy for your use-case).

@fnocera fnocera self-requested a review October 31, 2019 15:06
Contributor

@fnocera fnocera left a comment

This looks good to me. This is something we can build on and add recipes for different languages etc.

c-w and others added 5 commits November 12, 2019 11:11
…secrets-per-branch.md

Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
…secrets-per-branch.md

Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
…secrets-per-branch.md

Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
@fnocera fnocera merged commit 78599ff into microsoft:master Nov 13, 2019
@c-w c-w deleted the secrets-per-branch branch November 13, 2019 03:41
5 participants