Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cg upload cac #3486

Merged
merged 3 commits into from Feb 6, 2020
Merged

Cg upload cac #3486

merged 3 commits into from Feb 6, 2020

Conversation

@chrisgilmerproj
Copy link
Contributor

chrisgilmerproj commented Feb 6, 2020

Description

Adding my personal CAC to staging/experimental. You can check that the files are different with this tool:

compare-secure-migrations

You can also download and compare:

download-secure-migration 20200206163953_cgilmer_cac.up.sql
vimdiff tmp/secure_migrations/*/20200206163953_cgilmer_cac.up.sql
@chrisgilmerproj chrisgilmerproj requested review from tinyels and transcom/truss-infra Feb 6, 2020
@chrisgilmerproj chrisgilmerproj self-assigned this Feb 6, 2020
@chrisgilmerproj

This comment has been minimized.

Copy link
Contributor Author

chrisgilmerproj commented Feb 6, 2020

Any reason not to upload our CAC fingerprint to github in the local_migrations folder? It would make testing with our CACs a lot easier AND I don't believe that data is necessarily secret. I guess folks could change the Subject to be whatever (It doesn't have to match in order to use CACs, its for internal use only)

@mr337

This comment has been minimized.

Copy link
Contributor

mr337 commented Feb 6, 2020

I'm going to defer to someone else with more CAC knowledge. I too don't think the certs stored in S3 are secret but still learning how the CAC system works.

@chrisgilmerproj

This comment has been minimized.

Copy link
Contributor Author

chrisgilmerproj commented Feb 6, 2020

I'm going to defer to someone else with more CAC knowledge. I too don't think the certs stored in S3 are secret but still learning how the CAC system works.

I went ahead and updated the CN to my github name and checked it in. The reason for doing secure migrations is really only to ensure we don't have this migration in production, not because the sha256 carries any information with it.

@tinyels
tinyels approved these changes Feb 6, 2020
Copy link
Contributor

tinyels left a comment

Love the new tool!

@chrisgilmerproj chrisgilmerproj merged commit 3e82cf5 into master Feb 6, 2020
15 checks passed
15 checks passed
ci/circleci: acceptance_tests_experimental Your tests passed on CircleCI!
Details
ci/circleci: acceptance_tests_local Your tests passed on CircleCI!
Details
ci/circleci: acceptance_tests_staging Your tests passed on CircleCI!
Details
ci/circleci: build_app Your tests passed on CircleCI!
Details
ci/circleci: build_migrations Your tests passed on CircleCI!
Details
ci/circleci: build_storybook_app Your tests passed on CircleCI!
Details
ci/circleci: build_tasks Your tests passed on CircleCI!
Details
ci/circleci: build_tools Your tests passed on CircleCI!
Details
ci/circleci: check_generated_code Your tests passed on CircleCI!
Details
ci/circleci: client_test Your tests passed on CircleCI!
Details
ci/circleci: integration_tests Your tests passed on CircleCI!
Details
ci/circleci: pre_deps_golang Your tests passed on CircleCI!
Details
ci/circleci: pre_deps_yarn Your tests passed on CircleCI!
Details
ci/circleci: pre_test Your tests passed on CircleCI!
Details
ci/circleci: server_test Your tests passed on CircleCI!
Details
@chrisgilmerproj chrisgilmerproj deleted the cg_upload_cac branch Feb 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.