This repository was archived by the owner on Nov 1, 2022. It is now read-only.
Git supports signing commits/tags with PGP. If flux could be configured with a set of allowed PGP keys, it would add another layer of defense.
As it stands, if someone can manage to commit (e.g. insider, previous employee with unrevoked access, unpatched git server, stolen domain creds, etc.), they can compromise the entire cluster. You'll have an audit log and hopefully someone should notice, which is way better than the status quo, but this could further improve the already great security story of flux.
Is it correct to assume the feature you are describing is being worked on in #1394?
Did not consume my kick start amount of ☕ yet. You actually want to provide a list of allowed PGP keys and block the execution of commits if the PGP key of the commit does not match the whitelist. Which is a solid feature.
This is blocked by #1394 as Flux pushes updates to Git and applies them by pulling them from Git in a separate loop. Without being able to sign the commit Flux would be unable to apply them with a PGP whitelist in place.
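The check proposed in this issue, as an added example that is not part of the Flux code base or of this thread: an allow-list of PGP key fingerprints, and a pass over a commit range that refuses to apply anything unless every commit carries a good signature from an allow-listed key. It assumes the signature metadata is taken from `git log` placeholders (`%G?`, `%GF`, `%GP`, `%GS`, git 2.19 or newer) rather than from a Go library, that the allowed public keys have already been imported into the keyring git uses (otherwise every status comes back as `E`), and that the key Flux would use to sign its own update commits is also on the list. Names, fingerprints and log lines below are constructed for the example.

```python
"""Allow-listed PGP verification of git commits (added example, not Flux code)."""
import os
import subprocess
from dataclasses import dataclass
from typing import Iterable, List, Optional, Sequence

# NUL-separated fields so that no commit metadata can confuse the parser:
#   %H  commit hash              %G? signature status (G, U, B, X, Y, R, E, N)
#   %GF fingerprint of the key that signed (may be a subkey)
#   %GP fingerprint of that key's primary key (git 2.19+, assumed available)
#   %GS name of the signer as recorded in the key
LOG_FORMAT = "%H%x00%G?%x00%GF%x00%GP%x00%GS"

# gpg accepted the signature. "U" (good signature, key of unknown trust) is
# accepted on purpose: the allow-list, not gpg's web-of-trust database,
# decides which keys are trusted. Expired (X/Y), revoked (R), bad (B),
# uncheckable (E) and unsigned (N) are all rejected.
GOOD_STATUSES = {"G", "U"}


@dataclass(frozen=True)
class Verdict:
    commit: str
    allowed: bool
    reason: str


def normalize(fingerprint: str) -> str:
    """Strip the spaces `gpg --fingerprint` prints and upper-case the hex digits."""
    return fingerprint.replace(" ", "").upper()


def evaluate_line(line: str, allowed_fingerprints: Iterable[str]) -> Verdict:
    allowed = {normalize(fp) for fp in allowed_fingerprints}
    parts = line.rstrip("\n").split("\x00")
    if len(parts) != 5:
        raise ValueError(f"malformed git log line: {line!r}")
    commit, status, signing_fp, primary_fp, signer = parts
    if status == "N":
        return Verdict(commit, False, "commit is not signed")
    if status not in GOOD_STATUSES:
        return Verdict(commit, False, f"signature status {status!r} is not a good signature")
    # Commits are usually signed with a subkey; allow-list the primary key so
    # subkey rotation does not lock a maintainer out, and fall back to the
    # signing key when git reports no primary fingerprint.
    key = normalize(primary_fp) or normalize(signing_fp)
    if key not in allowed:
        return Verdict(commit, False, f"key {key} ({signer}) is not on the allow-list")
    return Verdict(commit, True, f"signed by allow-listed key {key} ({signer})")


def evaluate_log(lines: Sequence[str], allowed_fingerprints: Iterable[str]) -> List[Verdict]:
    return [evaluate_line(line, allowed_fingerprints) for line in lines if line.strip()]


def all_allowed(verdicts: Sequence[Verdict]) -> bool:
    """Fail closed: an empty range is not evidence that anything was signed."""
    return bool(verdicts) and all(v.allowed for v in verdicts)


def verify_range(repo: str, rev_range: str, allowed_fingerprints: Iterable[str],
                 gnupghome: Optional[str] = None) -> List[Verdict]:
    """Run git against a real repository, e.g. verify_range('.', 'origin/main..HEAD', ALLOWED)."""
    env = dict(os.environ)
    if gnupghome:
        env["GNUPGHOME"] = gnupghome  # keyring holding only the allowed public keys
    out = subprocess.run(
        ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", rev_range],
        check=True, capture_output=True, text=True, env=env,
    ).stdout
    return evaluate_log(out.splitlines(), allowed_fingerprints)


# Constructed sample data; the fingerprints are made up, not real keys.
ALLOWED = ["1111 2222 3333 4444 5555  6666 7777 8888 9999 AAAA"]
PRIMARY = "111122223333444455556666777788889999AAAA"
SUBKEY = "BBBB" * 10
OTHER = "CCCC" * 10
SAMPLE_LOG = [
    "\x00".join(["a" * 40, "G", SUBKEY, PRIMARY, "Alice Maintainer"]),  # good, allow-listed
    "\x00".join(["b" * 40, "N", "", "", ""]),                           # unsigned
    "\x00".join(["c" * 40, "G", OTHER, OTHER, "Mallory"]),              # good sig, wrong key
    "\x00".join(["d" * 40, "E", "", "", ""]),                           # key not in keyring
    "\x00".join(["e" * 40, "R", SUBKEY, PRIMARY, "Alice Maintainer"]),  # allow-listed but revoked
]

if __name__ == "__main__":
    verdicts = evaluate_log(SAMPLE_LOG, ALLOWED)
    for v in verdicts:
        print("ALLOW" if v.allowed else "DENY ", v.commit[:12], v.reason)
    print("apply:", all_allowed(verdicts))
```

The last sample line is the case worth keeping in mind when designing the feature: a fingerprint on the allow-list is necessary but not sufficient, because gpg can still report the key as revoked or expired, and the check has to treat that as a failure rather than looking only at the fingerprint.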