[Chore] (API): Move plain text secrets out of env file and into Key Vault #350

Open
diberry opened this issue Sep 21, 2023 · 4 comments
@diberry
Collaborator

diberry commented Sep 21, 2023

Please assign to me @manekinekko

@diberry
Collaborator Author

diberry commented Sep 27, 2023

@manekinekko @anfibiacreativa

I would like to fix this with

  1. predeployment step which uploads dump file to storage
  2. postdeployment step which restores db from storage - perhaps an Azure Function so there isn't anything locally happening in terms of permissions/secrets
  3. postdeployment test to validate that resource group has no security alerts (@nitya fyi)

@manekinekko
Collaborator

cc @sinedied ☝🏽

@dfberry
Contributor

dfberry commented Oct 4, 2023

  1. Internal sub security threat thrown on deployment for Azure function because deployment logs contain secrets
  2. Azure Function has the following deployment input params
    • AZURE_COSMOS_CONNECTION_STRING_KEY connection string to get to user, payment, reservations.
    • STRAPI_DATABASE_PASSWORD to get to Strapi
    • AzureWebJobsStorage for any trigger work
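
Added example, not part of the thread or the project's code: a pre-deployment check that flags any of the three settings named above when its value is plaintext rather than an App Service Key Vault reference, and reports which plaintext values show up in a deployment log. The setting values, vault name and log text are constructed samples.

```python
import re

# Setting names taken from the comment above.
SENSITIVE_SETTINGS = (
    "AZURE_COSMOS_CONNECTION_STRING_KEY",
    "STRAPI_DATABASE_PASSWORD",
    "AzureWebJobsStorage",
)

# The two Key Vault reference forms accepted in App Service / Functions app settings.
KEYVAULT_REF = re.compile(
    r"^@Microsoft\.KeyVault\((?:SecretUri=https://[^)\s]+"
    r"|VaultName=[^;)\s]+;SecretName=[^;)\s]+(?:;SecretVersion=[^;)\s]+)?)\)$"
)

def plaintext_settings(app_settings):
    """Names of sensitive settings whose value is not a Key Vault reference."""
    return sorted(
        name for name in SENSITIVE_SETTINGS
        if name in app_settings
        and not KEYVAULT_REF.match(app_settings[name].strip())
    )

def leaked_in_log(log_text, app_settings):
    """Names of plaintext sensitive settings whose value appears in log_text."""
    return [
        name for name in plaintext_settings(app_settings)
        if app_settings[name] and app_settings[name] in log_text
    ]

# Constructed sample input (hypothetical vault name and values).
SAMPLE_SETTINGS = {
    "AZURE_COSMOS_CONNECTION_STRING_KEY":
        "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/cosmos-conn/)",
    "STRAPI_DATABASE_PASSWORD": "constructed-plaintext-password",
    "AzureWebJobsStorage":
        "DefaultEndpointsProtocol=https;AccountName=example;AccountKey=CONSTRUCTED==",
    "NODE_ENV": "production",
}
SAMPLE_LOG = (
    "deploying function app\n"
    "param STRAPI_DATABASE_PASSWORD=constructed-plaintext-password\n"
    "param AzureWebJobsStorage=***\n"
)

if __name__ == "__main__":
    print("plaintext:", plaintext_settings(SAMPLE_SETTINGS))
    print("in log:", leaked_in_log(SAMPLE_LOG, SAMPLE_SETTINGS))
```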

@diberry
Collaborator Author

diberry commented Nov 2, 2023

Working on this still.
