Move all AWS account numbers, bucket names and other sensitive data to secrets #2220

Closed
gaiksaya opened this issue Jun 21, 2022 · 2 comments · Fixed by #2327
Labels
enhancement New Enhancement


gaiksaya commented Jun 21, 2022

Is your feature request related to a problem? Please describe

With Jenkins going public, we observed that a few variables which should be secrets are instead being stored and used as environment variables.
From a security perspective, it is better if we move all of those to a credential store (AWS Secrets Manager) and use them as secrets rather than exposing them as env variables.

A few of them are as follows:

  • ARTIFACT_BUCKET_NAME
  • ARTIFACT_PRODUCTION_BUCKET_NAME
  • SIGN_ASM_ACCOUNT, SIGN_ASM_KEYID, SIGN_ASM_REGION, SIGN_ASM_ROLE (can go as one secret; see example)
  • SIGNER_CLIENT_EXTERNAL_ID, SIGNER_CLIENT_ROLE, SIGNER_CLIENT_SIGNED_BUCKET, SIGNER_CLIENT_UNSIGNED_BUCKET (can go as one secret; see example)
  • SONATYPE_STAGING_PROFILE_ID
  • AWS_ACCOUNT_ARTIFACT
  • AWS_ACCOUNT_PUBLIC
  • AWS_ACCOUNT_TESTING

Describe the solution you'd like

Move them to AWS Secrets Manager

Describe alternatives you've considered

No response

Additional context

No response


bbarani commented Jul 6, 2022

@gaiksaya Can we close this issue?


gaiksaya commented Jul 6, 2022

Not yet! Still have to go through the Jenkinsfiles to check for any ad-hoc environment variable usage.
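The Jenkinsfile review mentioned in the last comment can be partly automated. The following is an added example, not code from this thread or from the project: a heuristic scanner that flags the variable names listed in the issue when they are assigned a literal value or referenced outside a `withCredentials` block. It assumes secrets reach pipelines through `withCredentials` bindings; `audit_jenkinsfile` and the sample Jenkinsfile are hypothetical.

```python
import re
# Variable names listed in the issue above.
SENSITIVE_NAMES = """ARTIFACT_BUCKET_NAME ARTIFACT_PRODUCTION_BUCKET_NAME
SIGN_ASM_ACCOUNT SIGN_ASM_KEYID SIGN_ASM_REGION SIGN_ASM_ROLE
SIGNER_CLIENT_EXTERNAL_ID SIGNER_CLIENT_ROLE SIGNER_CLIENT_SIGNED_BUCKET
SIGNER_CLIENT_UNSIGNED_BUCKET SONATYPE_STAGING_PROFILE_ID
AWS_ACCOUNT_ARTIFACT AWS_ACCOUNT_PUBLIC AWS_ACCOUNT_TESTING""".split()
NAME = r"\b(" + "|".join(SENSITIVE_NAMES) + r")\b"
NAME_RE = re.compile(NAME)
BINDING_RE = re.compile(r"variable\s*:\s*['\"](\w+)['\"]")    # withCredentials binding
LITERAL_RE = re.compile(NAME + r"\s*=\s*['\"][^'\"$]+['\"]")  # NAME = 'plain value'

def audit_jenkinsfile(text):
    """Return (line_no, name, kind) findings; kind is 'hardcoded' or 'unbound'."""
    findings, scopes, pending, depth = [], [], set(), 0
    for no, line in enumerate(text.splitlines(), 1):
        pending |= set(BINDING_RE.findall(line))
        active = pending.union(*(names for _, names in scopes))
        hardcoded = set(LITERAL_RE.findall(line))
        code = BINDING_RE.sub("", line)            # a binding is not a use
        for name in dict.fromkeys(NAME_RE.findall(code)):
            if name in hardcoded or name not in active:
                kind = "hardcoded" if name in hardcoded else "unbound"
                findings.append((no, name, kind))
        for ch in line:                            # heuristic brace tracking
            if ch == "{":
                depth += 1
                if pending:                        # withCredentials body opens
                    scopes.append((depth, pending))
                    pending = set()
            elif ch == "}":
                if scopes and scopes[-1][0] == depth:
                    scopes.pop()
                depth -= 1
    return findings

# Constructed sample Jenkinsfile (credential id and account number are made up).
SAMPLE = """\
pipeline {
  environment { AWS_ACCOUNT_PUBLIC = '000000000000' }
  stages { stage('upload') { steps {
    withCredentials([string(credentialsId: 'artifact-bucket', variable: 'ARTIFACT_BUCKET_NAME')]) {
      sh 'aws s3 ls s3://$ARTIFACT_BUCKET_NAME'
    }
    echo "role: ${env.SIGN_ASM_ROLE}"
  } } } }
"""
if __name__ == "__main__":
    print(*audit_jenkinsfile(SAMPLE), sep="\n")
```

The brace tracking is line-based and does not parse Groovy, so treat findings as leads for manual review rather than a complete inventory.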
