search

NASA-IMPACT / eclipse-che-jupyterhub-deployment

MIT License
0 stars 2 forks source link

Check for secrets + make this repo public #71

Closed abarciauskas-bgse closed 2 years ago

abarciauskas-bgse commented 2 years ago

Motivation: We want to share this code with the world, but specifically other Che development teams, so we can collaborate on solutions to deploying and managing Eclipse Che.

AC:

jpolchlo commented 2 years ago

Installed git-secrets, ran the following in the cloned repo:

git secrets --install
git secrets --register-aws
git secrets --scan-history

This produced no output for any branch. git secrets --list shows

secrets.providers git secrets --aws-provider
secrets.patterns (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
secrets.patterns ("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
secrets.patterns ("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
secrets.allowed AKIAIOSFODNN7EXAMPLE
secrets.allowed wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

which indicates that git-secrets was correctly configured.

This is either sufficient evidence that there is no secret data checked in, or a starting point from which further steps to be taken can be identified.

j08lue commented 2 years ago

Thanks @jpolchlo!

@abarciauskas-bgse, do you think we need more checks or cleaning? I think closed issues and PRs look fine to share.

I will refine the docs (README) just a little, explaining what this repo contains and what not, then I think we are good.

j08lue commented 2 years ago

And should we rename this project to eclipse-che-jupyterhub-deployment or so, since it is not very VEDA-specific?

abarciauskas-bgse commented 2 years ago

I think as long as there are no secrets in history, it's fine to make it a public repository (and change the name).

I'll go ahead and do that if you agree? Or @jpolchlo can do it if he has the required permissions.

j08lue commented 2 years ago

Great, please do @abarciauskas-bgse.

I added a few notes to the README, please review here: #76

jpolchlo commented 2 years ago

I don't have permissions to make this repo public. :sad_trombone:

abarciauskas-bgse commented 2 years ago

Done