Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Set up separate secrets for our staging server. #4677
Previously, we shared secrets between our staging and prod server, which
This change is a step in the right direction, but isn't perfect:
Previously, we shared secrets between our staging and prod server, which is a bad idea for all sorts of reasons. One of the biggest issues we've run into is when our staging server started syncing our google group mailing lists based off of the contents of the staging database (#4039). We shouldn't have even been running that job on our staging server, but even if someone *did* try to run it on our staging server, the server should not have had the api key necessary to talk to our gsuite account! This change is a step in the right direction, but isn't perfect: - There's still a single chef secret that the staging server must have access to. With that secret, it would still be possible to decrypt the prod secrets and access prod stuff. - We're using the same S3 IAM credentials for staging and prod right now. Ideally we'd create separate IAM users with only the permissions they need to access the staging/prod S3 buckets.