MozillaFestival / mozfest-program-2018

Mozilla Festival proposals for 2018
https://mozillafestival.org

Managing Secrets Safely with Version Control Systems #75

Open mozfest-bot opened 6 years ago

mozfest-bot commented 6 years ago

[ UUID ] 5db76deb-fdd3-4cb4-aca3-389660607f10

[ Session Name ] Managing Secrets Safely with Version Control Systems

[ Primary Space ] Openness

[ Secondary Space ] Privacy and Security

[ Submitter's Name ] Chris Otta

[ Submitter's Affiliated Organisation ] LakeHub

[ Submitter's GitHub ] @ottagit

What will happen in your session?

A hands-on micro-workshop on the basics of managing secret data (usernames/passwords, SSH keys, API keys, names of databases or internal servers) securely with Git when collaborating on shared public repositories.

The session contains sections as follows:

- Participants jot down (on post-it notes) their favorite version control systems (VCSs), discussing their reasons for preference
- Two people share their stories on instances when they inadvertently shared secret data on a shared public repository (personal, team or organization), jeopardizing their work in the process
- Participants jot down and discuss ways of mitigating exposure of secret data when contributing to public projects
- Hack with git-crypt as an example tool for safely managing secret data when collaborating on public project repositories.

What is the goal or outcome of your session?

- A collection of ideas on data that ought NOT be stored in a Git (or any VCS) repository and an understanding of the reasons why
- A basic understanding of available software tools and services for protecting sensitive data and coordinating the necessary access during deployment of Git repositories, and their pros and cons

If your session requires additional materials or electronic equipment, please outline your needs.

A projector and office supplies including paper, pens and post-it notes will be enough for this session.

Time needed

60 mins

yochannah commented 6 years ago

I really like the sound of this session! Like you say, anyone who has worked with VCS probably has a story or two about the time when they accidentally checked in something inappropriate. It also really nicely represents the tension between appropriate sharing (openness) and oversharing (privacy and security) - but I wonder if the primary space for this maybe should be Privacy and Security? Tagging @bunnybooboo for thoughts.

ottagit commented 6 years ago

Thank you @yochannah for sharing your thoughts. With reference to the reasons you've mentioned, it was a bit tricky settling on the primary space between openness and privacy and security. Intently looking at it, I think oversharing is more pronounced, meaning privacy and security would fit as the primary space.

ottagit commented 6 years ago

@yochannah Still, let's wait and get thoughts from @bunnybooboo :+1: