Design a secure method to receive secret keys #639

Closed
2 tasks
yuvipanda opened this issue Aug 30, 2021 · 4 comments · Fixed by 2i2c-org/docs#164
Labels
Enhancement An improvement to something or creating something new.

Comments

@yuvipanda
Member

yuvipanda commented Aug 30, 2021

Description

Sometimes, we need to receive secret info (like OAuth keys!) from community champions / university IT to finish setting up our infrastructure. This needs to be encrypted both at rest and in transit.

Value / benefit

  • We can receive secrets in a secret fashion
  • We should receive it in a way that allows anyone from the 2i2c team to decrypt it, and isn't tied to anyone in particular

Implementation details

No response

Tasks to complete

  • Choose what kinds of transfer options we want to officially recommend
  • Work out a process for each and document it

Updates

No response

@choldgraf
Member

A few options that @yuvipanda recently gave to the team at U. Toronto, and we might consider re-using as "officially recommended" options:

I feel like the first two options are the most reasonable, though both of them we shouldn't expect a Community Representative to have any background with and we should write documentation to step people through each.

@choldgraf choldgraf added 🏷️ team-process Enhancement An improvement to something or creating something new. labels Aug 31, 2021
@damianavila
Contributor

I feel like the first two options are the most reasonable, though both of them we shouldn't expect a Community Representative to have any background with and we should write documentation to step people through each.

Maybe just the first option is sort of reasonable?

@yuvipanda yuvipanda self-assigned this Sep 9, 2022
yuvipanda added a commit to yuvipanda/pilot-hubs that referenced this issue Sep 10, 2022
Should have an equivalent PR to the docs repo targeted towards
the people who are *sending* us stuff.

Ref 2i2c-org#639
yuvipanda added a commit to yuvipanda/pilot that referenced this issue Sep 10, 2022
@yuvipanda
Member Author

2i2c-org/docs#164 and #1698 add support for age so we can be given secret credentials. This doesn't mean we can't have other setups in the future, but this at least gives us one secure method that is not a single point of failure.

@sgibson91
Member

I feel like the first two options are the most reasonable, though both of them we shouldn't expect a Community Representative to have any background with and we should write documentation to step people through each.

Maybe just the first option is sort of reasonable?

+1'ing keybase.io as well, since I already use it


4 participants