Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(config): scoped secrets using pgp/gpg #11673

Merged
merged 24 commits into from Sep 16, 2021
Merged

feat(config): scoped secrets using pgp/gpg #11673

merged 24 commits into from Sep 16, 2021

Conversation

rarkins
Copy link
Collaborator

@rarkins rarkins commented Sep 10, 2021

Changes:

Adds PGP encryption.

Context:

This solves two problems in one:

  • Scoped secrets to eliminate replay attacks
  • PGP-based encryption to remove the existing line length limitations

Closes #10641

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

viceice
viceice reviewed Sep 10, 2021
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one question, otherwise LGTM

lib/config/decrypt.ts Outdated Show resolved Hide resolved
HonkingGoose
HonkingGoose suggested changes Sep 10, 2021
View reviewed changes
Copy link
Collaborator

@HonkingGoose HonkingGoose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some initial thoughts.

docs/usage/self-hosted-configuration.md Outdated Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Outdated Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Outdated Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Show resolved Hide resolved
rarkins and others added 4 commits September 10, 2021 14:47
@rarkins
fix: optional start/end blocks
cc3e78a
@rarkins @HonkingGoose
Update docs/usage/self-hosted-configuration.md
ce1f806 
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
@rarkins @HonkingGoose
Update docs/usage/self-hosted-configuration.md
6f308a9 
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
@rarkins
docs: remove random bytes
725c7bb
HonkingGoose
HonkingGoose suggested changes Sep 10, 2021
View reviewed changes
Copy link
Collaborator

@HonkingGoose HonkingGoose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can use want instead of wish to, to simplify a bit.

docs/usage/self-hosted-configuration.md Outdated Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Outdated Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Outdated Show resolved Hide resolved
@rarkins @HonkingGoose
Apply suggestions from code review
ba80c6b 
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
HonkingGoose
HonkingGoose suggested changes Sep 11, 2021
View reviewed changes
Copy link
Collaborator

@HonkingGoose HonkingGoose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it looks good overall, some things we might want to fix/look at though.

docs/usage/self-hosted-configuration.md Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Show resolved Hide resolved
docs/usage/self-hosted-configuration.md Show resolved Hide resolved
@rarkins rarkins changed the title feat(config): scoped secrets using pgp feat(config): scoped secrets using pgp/gpg Sep 11, 2021
@rarkins @HonkingGoose
Update docs/usage/self-hosted-configuration.md
84207bc 
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
HonkingGoose
HonkingGoose previously approved these changes Sep 11, 2021
View reviewed changes
Copy link
Collaborator

@HonkingGoose HonkingGoose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy with the docs now.

viceice
viceice reviewed Sep 13, 2021
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some docs things, code LGTM

docs/usage/self-hosted-configuration.md Show resolved Hide resolved
@rarkins rarkins marked this pull request as draft September 14, 2021 10:10
@rarkins
Copy link
Collaborator Author

rarkins commented Sep 14, 2021

Will merge tomorrow as I need to synchronize things somewhat between docs, encrypt page, and app version

@rarkins rarkins marked this pull request as ready for review September 16, 2021 09:23
@rarkins rarkins enabled auto-merge (squash) September 16, 2021 10:10
@rarkins rarkins merged commit ee29fdc into main Sep 16, 2021
@rarkins rarkins deleted the feat/10641-pgp branch September 16, 2021 10:11
@renovate-release
Copy link
Collaborator

🎉 This PR is included in version 27.10.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@viceice viceice viceice approved these changes

@HonkingGoose HonkingGoose HonkingGoose left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support encrypting longer secret through https://app.renovatebot.com/encrypt
4 participants
@rarkins @renovate-release @viceice @HonkingGoose