-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Design secrets #35
Comments
not hugely important, however, i like using the term "memento" ... you
might hate it -- that's fine.
i like it because it doesn't over-promise (in the security sense, etc.) ..
and in the JS case, attackers won't search for it.
it's *not* an exact fit, however, i saw it in a patterns book once (not
this one: https://sourcemaking.com/design_patterns/memento, but somewhere)
... and i've always kind of wanted to use it for an opaque reference.
in any case, choose whatever name you want, however, my vote is to avoid
"secret" or "secure" in the name.
…On Sun, Jan 8, 2017 at 5:48 AM, Joe Duffy ***@***.***> wrote:
The secrets system needs to be designed. In particular, we want secrets to
be opaque cookies that can flow throughout the system without concern for
their safety. At the time they are wielded and redeemed for the concrete
secret value -- as close to their use as possible -- this opaque cookie is
turned into an authority, perhaps through some combination with an
authorized identity.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#35>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AH_5wgvQ6uKmkRIffxfePape2fxzVPLrks5rQOlCgaJpZM4LdsZ->
.
|
This is done except that it now needs to be reviewed and a few loose ends like #397 implemented. But the bulk of the design work is now done, and so closing this out. |
hausdorff
added a commit
that referenced
this issue
Aug 2, 2019
hausdorff
added a commit
that referenced
this issue
Aug 5, 2019
hausdorff
added a commit
to hausdorff/pulumi
that referenced
this issue
Aug 5, 2019
hausdorff
added a commit
that referenced
this issue
Aug 5, 2019
hausdorff
added a commit
that referenced
this issue
Aug 5, 2019
hausdorff
added a commit
that referenced
this issue
Aug 5, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The secrets system needs to be designed. In particular, we want secrets to be opaque cookies that can flow throughout the system without concern for their safety. At the time they are wielded and redeemed for the concrete secret value -- as close to their use as possible -- this opaque cookie is turned into an authority, perhaps through some combination with an authorized identity.
The text was updated successfully, but these errors were encountered: