Create a Guide/Template: Preventing Secrets & Credentials Leaks in GitHub #69

Open
7 tasks
gregpawin opened this issue Apr 15, 2021 · 11 comments

Comments

@gregpawin
Member

gregpawin commented Apr 15, 2021

Overview

We need to create a guide to preventing secrets and credentials from being published on GitHub.

Action Items

The phases in the guide-making process are listed below. Each phase displayed in blue is linked to a wiki page with instructions on how to complete that phase. Open the wiki page in a new tab, copy the instructions for each part into the section labeled 'Tasks' at the bottom of this issue, and complete each task listed.

Resources

Projects with no mention of "secrets" and/or "credentials" in their Contributing.md or README.md file:

Projects to check

Tasks

  • This is where you will copy instructions from the wiki page for the step you are currently on.
@mgodoy2023 mgodoy2023 self-assigned this Jun 21, 2021
@ExperimentsInHonesty
Member

@salice
Can you share with us:

  • how much time was used recovering from Pete's homeuniteus PR that published his .env file to AWS account.
  • Are there any others that you know about, and how long each of them took (I think the other one might be Lucky Parking).

@gregpawin
Member Author

When I published the Lucky Parking secrets, I got the warning within minutes and fixed it right away, which included killing the old credentials and creating new ones.

@ExperimentsInHonesty
Member

@gregpawin
Member Author

It took less than 30 mins

@ExperimentsInHonesty
Member

ExperimentsInHonesty commented Nov 4, 2021

@ExperimentsInHonesty ExperimentsInHonesty transferred this issue from hackforla/engineering Nov 4, 2021
@ExperimentsInHonesty ExperimentsInHonesty added bug Something isn't working and removed bug Something isn't working labels Jan 23, 2022
@JasonEb JasonEb removed their assignment Feb 3, 2022
@JasonEb JasonEb added the size: 2pt Can be done in 7-12 hours label Jun 19, 2022

@Aditya23soni
Member

Prior version of issue

Overview

We need to create a guide to preventing secrets and credentials from being published on GitHub.

Action Items

  • Gather examples of how other projects have done it, adding each example as a link in the resources section
    • Once done, remove the "TG: Gather Examples" label and add the "TG: Draft Template" label
  • Create a draft template, either in markdown format in this issue or a google doc in the Engineering google drive
    • Once done, remove the "TG: Draft Template" label and add the "TG: Create Guide" label
  • Create a guide on how to use the template
    • Once done, remove the "TG: Create Guide" label and add the "TG: Review Guide" label
  • Review the guide with product management communities of practice
    • Once done, remove the "TG: Review Guide" label and add the "TG: Leadership Review" label
  • Present to Hack for LA leadership team for sign off
    • Once approved, remove the "TG: Leadership Review" label and add the "TG: Place Guide" label
  • Possibly create an issue template on .github
    • Include link to template under resources if you add it as a template in .github

Resources

Update tracker issue (TBD) with the name of the item you are working on

Projects with no mention of "secrets" and/or "credentials" in their Contributing.md or README.md file:

Projects to check

@Aditya23soni
Member

Assignee, Labels, Project Board Placement, and Milestones for this issue in the Ops Repo:

Screenshot 2024-10-04 at 7 14 20 PM

Projects
Status: Needs to be Triaged
Development

No branches or pull requests

7 participants