Add recipe for branch-based secrets management #72

Merged
merged 6 commits into from Nov 13, 2019

Contributor

@c-w c-w commented Oct 28, 2019

This pull request adds a section about branch-based secrets management to the engineering playbook. The section is based on findings from a customer project and answers questions such as:

  • Why do we need branch-based secrets management?
  • How can we implement branch-based secrets management?

The section is included as part of the continuous deployment heading since it already has some prior content around secrets management.

Contributor

@fnocera fnocera commented Oct 29, 2019

This is great!

Contributor

@fnocera fnocera commented Oct 29, 2019

@SaraSp @cloudbeatsch flagging for review, thanks!

Contributor

@cloudbeatsch cloudbeatsch left a comment

lgtm

Member

@charleszipp charleszipp commented Oct 30, 2019

I would invite @kevinhartman to take a look at the secrets part with node. We recently opened a story in our current project because in ACI, env vars are visible in the portal (that's how I understood what @kevinhartman and narmatha are reporting). So is the env the best place to put secrets? Is there a different place for node containers that we should place secrets?

Contributor

@fnocera fnocera commented Oct 31, 2019

@charleszipp I will message @kevinhartman to add a recipe for node secrets!

@fnocera fnocera requested a review from cloudbeatsch Oct 31, 2019
Contributor Author

@c-w c-w commented Oct 31, 2019

@charleszipp The recommendation for using dotenv in Node came from @tobecodex so perhaps he can add more context.

Personally, I like the way the section on Enhanced-Security Applications puts it: using environment variables is fine for most applications unless you have specific additional security requirements (in which case you'd likely have a security review, pentesting, etc. all set up which will inform the best enhanced security strategy for your use-case).

@fnocera fnocera self-requested a review Oct 31, 2019
Contributor

@fnocera fnocera left a comment

This looks good to me. This is something we can build on and add recipes for different languages etc.

c-w and others added 5 commits Nov 12, 2019
…secrets-per-branch.md

Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
…secrets-per-branch.md

Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
…secrets-per-branch.md

Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
Co-Authored-By: David Khourshid <davidkpiano@gmail.com>
@fnocera fnocera merged commit 78599ff into microsoft:master Nov 13, 2019
1 check passed
@c-w c-w deleted the secrets-per-branch branch Nov 13, 2019
5 participants