Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace legacy GPG usage with Secrets Manager. #4482

Merged
merged 2 commits into from
Feb 20, 2024
Merged

Replace legacy GPG usage with Secrets Manager. #4482

merged 2 commits into from
Feb 20, 2024

Conversation

sengi
Copy link
Contributor

@sengi sengi commented Feb 17, 2024
edited
Loading

Get rid of our sketchy use of GPG.

  • Add a playbook entry for retrieving a shared credential from Secrets Manager (with a subtle warning about the evils of allowing such things to exist in the first place).
  • Replace links to the govuk-secrets pass store with references to Secrets Manager.
  • Secure and simplify a clunky procedure for rotating Fastly API tokens which the Emergency Alerts feature apparently uses to purge objects from the CDN cache.
  • Remove all references to GPG, including a page about using it to transfer files (yowch!)

This unblocks deleting the security dumpster-inferno that is the govuk-secrets repo.

Background

It's 2024. Even 5-10 years ago, infosec professionals were blogging about how problematic GPG is (though some folks still like using it for email 🤷). Our usage of it has always been pretty iffy, so let's make the most of the opportunity to get rid of it while we can.

KludgeKML
KludgeKML approved these changes Feb 19, 2024
View reviewed changes
Copy link
Contributor

@KludgeKML KludgeKML left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

sengi added 2 commits February 20, 2024 16:31
@sengi
Replace legacy GPG usage with Secrets Manager.
86b58ae 
It's time we got rid of our dreadfully insecure use of GPG for shared
secrets (and in general).

- Add a playbook entry for retrieving a shared credential from Secrets
  Manager (with a subtle warning about the evils of allowing such things
  to exist in the first place).
- Replace links to the govuk-secrets pass store with references to
  Secrets Manager.
- Secure and simplify a clunky procedure for rotating Fastly API tokens
  which the Emergency Alerts feature apparently uses to purge objects
  from the CDN cache.
- Remove all references to GPG, including a page about using it to
  transfer files (yowch!) which I suspect some poor soul added in a
  valiant but doomed attempt to handle that whacky API token request the
  first time around (vide supra).

This unblocks deleting the security dumpster-inferno that is the
govuk-secrets repo.
@sengi
f
fb1372a
@sengi sengi force-pushed the sengi/die-gpg-die branch from 547f351 to fb1372a Compare February 20, 2024 16:32
@sengi
Copy link
Contributor Author

sengi commented Feb 20, 2024

Rebase to fix merge conflict.

@sengi sengi marked this pull request as ready for review February 20, 2024 16:33
@sengi sengi merged commit 0f759ec into main Feb 20, 2024
7 checks passed
@sengi sengi deleted the sengi/die-gpg-die branch February 20, 2024 16:36
@sengi sengi mentioned this pull request Feb 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KludgeKML KludgeKML KludgeKML approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sengi @KludgeKML