GitGuardian / APISecurityBestPractices

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
https://www.gitguardian.com

Serious issue with secret storage advice #18

Open DLMousey opened 4 years ago

DLMousey commented 4 years ago
### Store your secrets encrypted in a git repository

**Advantages**

* Your secrets are synced.

No, no no no no no, No. No.

Secrets have no place in version control - they shouldn't be distributed, they shouldn't be in version control. If the secrets are encrypted and in version control, that's even worse, because you have to distribute the private key for them as well; sooner or later this will inevitably end up in your repository.

Once the secrets (and worse - potentially your private key too) are in version control (and heaven forbid outside of a network you control), you are relying completely on software you likely don't have control over to ensure these secrets remain exactly that: secret.

This is before you get to the issue of there suddenly being zero accountability. If you're using something like AWS and using a non-free service, and everyone's using the same set of credentials, there's no way of keeping track of who's running up the bill.

Secrets need to be exactly that - secret, bonus points if they're also easy to revoke and replace.
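
One defensive check in the spirit of this thread, added here as an example that is not part of the repository or of either commenter's post: a pre-commit style scan of the lines a commit would add, looking for common secret shapes before they ever reach history. The patterns, the `find_secrets` helper and the sample lines are constructed for illustration (the AWS key ID is AWS's own documented example value, not a real credential).

```python
import re
import subprocess
from typing import List, Tuple

# Constructed sample of lines a commit would add (not from the page).
SAMPLE_ADDED_LINES = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',   # AWS documentation example key
    "-----BEGIN RSA PRIVATE KEY-----",               # a private key pasted into a file
    "DB_PASSWORD = os.environ['DB_PASSWORD']",       # fine: read from the environment
    'api_key = "sk_live_constructed_placeholder_0000"',  # constructed placeholder
    "timeout = 30",                                  # harmless config
]

# Shapes that should never appear in a repository, encrypted or not.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----"),
    # name = "literal" assignments; env lookups such as os.environ[...] do not match
    "hardcoded_credential": re.compile(
        r"(?i)\b(password|secret|api[_-]?key|token)\b\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}


def find_secrets(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, pattern_name, line) for every suspicious line."""
    findings = []
    for number, line in enumerate(lines, 1):
        for name, regex in PATTERNS.items():
            if regex.search(line):
                findings.append((number, name, line))
    return findings


def added_lines_from_diff(diff_text: str) -> List[str]:
    """Keep only the '+' lines of a unified diff, dropping the '+++' file header."""
    return [l[1:] for l in diff_text.splitlines()
            if l.startswith("+") and not l.startswith("+++")]


def scan_staged_changes() -> List[Tuple[int, str, str]]:
    """Run as a pre-commit hook: scan what `git diff --cached` is about to commit."""
    diff = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                          capture_output=True, text=True, check=True).stdout
    return find_secrets(added_lines_from_diff(diff))


if __name__ == "__main__":
    for number, name, line in find_secrets(SAMPLE_ADDED_LINES):
        print(f"line {number}: {name}: {line}")
```

A non-empty result from `scan_staged_changes()` is the signal for the hook to exit non-zero and refuse the commit; a scanner like this is a last line of defence, not a substitute for keeping secrets out of the repository in the first place.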

austinmccalley commented 4 years ago

By opening a private repository that hosts all of the secrets, it opens up a new attack vector. Often people will sign up for random services and use the GitHub integration; often, they don't review what the service is allowed to see. This is another attack vector. As DLMousey said above, you are relying on software outside of your network to be in control.