Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

README.md

secrets key thingy (skt)

  • what? secrets in github for a particular audicence; ie. your org
  • why? secrets need revision control; and circle of trust should be transparent
  • how? leverage GPG and Git and a bit of consistent social behavior

requirements:

  • gpg2 (via brew on macosx) -but doc here simply refers to gpg

adding an emp to the circle of trust

  • jut manager decides emp gets creds access
  • tells emp to generate new GPG keypair
    alice%> gpg --gen-key
  • user is prompted for name, then email, then comment
  • we use format First Last (gitUserName) <emp@example.com> where comment is git username
  • now save key according to git username
    gpg --armor --export alice@example.com > pubkeys/alice.asc
  • emp now adds key to repo on new branch and creates a PR
    alice%> git checkout -b new-alice-key && git add pubkeys/alice.pub
    alice%> git add pubkeys/alice.pub && git checkin -m 'alice pubkey' keys/
    alice%> git push origin new-alice-key
  • Alice create the PR; Manager merges PR
  • Manager pulls changes and updates secrets
    boss%> git pull
    boss%> ./skt encode
    boss%> git commit -m 'add alice' creds.tgz
    boss%> git push origin master
  • alice is now in the circle of trust
    alice%> git pull && ./skt decode
  • decode asks for her password to decrypt, and then untars creds dir

removing an emp to the circle of trust

    boss%> git checkout master && git pull && cd secrets
    boss%> git rm keys/alice.pub
    boss%> ./skt encode
    boss%> git commit -m 'remove alice' creds.tgz
    boss%> git push origin master