typo fix in security hardening #1036
Conversation
It seems that structured data should always be used for secrets. Correct me if I'm wrong.
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
Thanks so much for opening a PR @lucasilverentand! I'll get this triaged for review ⚡
@@ -25,7 +25,7 @@ Secrets use [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key | |||
|
|||
To help prevent accidental disclosure, {% data variables.product.product_name %} uses a mechanism that attempts to redact any secrets that appear in run logs. This redaction looks for exact matches of any configured secrets, as well as common encodings of the values, such as Base64. However, because there are multiple ways a secret value can be transformed, this redaction is not guaranteed. As a result, there are certain proactive steps and good practices you should follow to help ensure secrets are redacted, and to limit other risks associated with secrets: | |||
|
|||
- **Never use structured data as a secret** | |||
- **Never use unstructured data as a secret** |
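Review bot: the `-`/`+` pair flips the bullet from "structured" to "unstructured", which inverts the guidance rather than fixing a typo. The context line above explains that redaction looks for exact matches of the configured secret (plus common encodings) and is not guaranteed when the value is transformed; a structured blob such as JSON is precisely the case where a re-serialised or partially logged value escapes redaction, so registering the raw value is the safer practice. Suggest keeping `- **Never use structured data as a secret**` and instead correcting the inconsistent "unstructured" wording in the surrounding sentence that motivated this change.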
@brentjo This change makes sense to me, but I wanted to also get your 👀 just to make sure 🙂
👋 @lucasilverentand thanks for opening this up, and for catching this. Structured was the intended word here though, so the typo's actually with how we go on to say Unstructured in the first sentence. As in: don't use "structured" data such as a blob of JSON as a secret, because secret redaction mostly looks for exact matches to the configured secrets, so doing so can cause redaction to fail. You want to configure the secret in its rawest form that you would want redacted in the event that value ever gets written to the logs.
"Structured" was the best term I could think of that captures that meaning, but definitely open to suggestions on that!
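A small model of the exact-match redaction described above, added here as an example (this is not GitHub's runner code): a JSON blob registered as a single secret is redacted only when it is logged byte-for-byte, while the raw token value registered on its own is caught in every form. The secret values and log lines are constructed for the example.

```python
import base64
import json

# Constructed sample: a structured JSON blob registered as one secret.
STRUCTURED_SECRET = '{"user": "svc-deploy", "token": "tok_EXAMPLE_123"}'
# The same sensitive value registered in its "rawest form".
RAW_SECRETS = ["tok_EXAMPLE_123"]


def encodings(value: str) -> list[str]:
    """Exact value plus a common encoding a log line might carry (Base64)."""
    b64 = base64.b64encode(value.encode()).decode()
    return [value, b64, b64.rstrip("=")]  # third form covers unpadded Base64


def redact(line: str, secrets: list[str]) -> str:
    """Model of exact-match redaction: each configured secret, and its
    encodings, is replaced wherever it appears verbatim in the line."""
    for secret in secrets:
        for needle in encodings(secret):
            if needle:
                line = line.replace(needle, "***")
    return line


def leaks(line: str, sensitive: str) -> bool:
    """True if the sensitive value is still readable after redaction."""
    return sensitive in line


def demo() -> dict[str, bool]:
    token = "tok_EXAMPLE_123"
    # Three ways a workflow step might write the secret to the run log.
    verbatim = f"config: {STRUCTURED_SECRET}"
    # Re-serialising changes whitespace, so the blob is no longer an exact match.
    reserialised = "config: " + json.dumps(
        json.loads(STRUCTURED_SECRET), separators=(",", ":"))
    field_only = f"using token {token}"
    return {
        "structured_verbatim_leaks": leaks(redact(verbatim, [STRUCTURED_SECRET]), token),
        "structured_reserialised_leaks": leaks(redact(reserialised, [STRUCTURED_SECRET]), token),
        "structured_field_leaks": leaks(redact(field_only, [STRUCTURED_SECRET]), token),
        "raw_reserialised_leaks": leaks(redact(reserialised, RAW_SECRETS), token),
        "raw_field_leaks": leaks(redact(field_only, RAW_SECRETS), token),
    }
```

Only the verbatim structured case is redacted; the raw-value registration is redacted in all three log shapes.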
@brentjo that makes a lot of sense. I do agree with you that the term makes sense. Is there any chance someone else could make the change, since I'm currently a bit busy with other projects?
@lucasilverentand Can do! Thanks again for bringing this to our attention!
@brentjo glad I could help! 😇
Thanks a lot for clearing this up @brentjo and @lucasilverentand!
I'll get this merged in 🚀
Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours.
* Add backfilling action example
* Add description to schedule backfill
* Restructure to match other example pages

Co-authored-by: Lana Brindley <github@lanabrindley.com>
Why:
It seems that structured data should always be used for secrets. Correct me if I'm wrong.
What's being changed:
A (supposed) typo in the security docs.
Check off the following: