getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0

Would SOPS pass security auditing? #1125

Open dudicoco opened 2 years ago

dudicoco commented 2 years ago

Hi,

Would using SOPS and storing encrypted secrets in git raise any concerns during security audits such as ISO 27001, pentests, etc.?

dudicoco commented 1 year ago

@jvehent thoughts?

BertelBB commented 1 year ago

@dudicoco isn't ISO 27001 all about defining and following procedures? I.e. storing encrypted data in git shouldn't be a concern, but how and who can access that data must be defined. I'm no expert in the matter but I think that's the gist of it

dudicoco commented 1 year ago

@BertelBB storing encrypted data in git could be a concern since the encrypted content could more easily be leaked. Even if it's encrypted some security standards might not agree with this possibility.

I'm not sure which standards would or wouldn't accept this, that's why I'm asking it here.

Gruummy commented 4 months ago

@dudicoco I think you will only figure it out when you try it once. I was also not able to clarify the questions I had in mind beforehand.

So we simply started an isolated POC and fed the results into the security audits and production readiness check procedures in our company.

Then the contact persons I wanted to ask beforehand automatically popped up with questions, concerns, hints and so on, triggered by our established review process for such things.

In our project we have used sops even in production for nearly 5 years, and there was no argument which forced us not to use sops for storing encrypted secrets in our git.

The most important points are which type of private keys you want to use and how you manage them.
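As an added example for the two points raised in this thread (whether a leaked repository exposes anything, and which key types are trusted to decrypt), here is a small stand-alone audit check for a SOPS-encrypted JSON file. It is not part of this thread and not code from the sops project; it only reads the documented SOPS file layout (leaf values rendered as `ENC[AES256_GCM,...]` blobs plus a `sops` metadata block). The sample document, its ciphertext, the KMS ARN and the PGP fingerprint are all constructed dummy values for this example.

```python
"""Audit check for a SOPS-encrypted JSON document (added example, not part of
the issue thread or the sops project). Two questions an auditor asks:
  1. Is every leaf value outside the `sops` block actually ciphertext?
     (SOPS leaves key names in the clear, so anything else visible in git
     is a finding; values under a key with `unencrypted_suffix` are allowed.)
  2. Which key types can decrypt the file, i.e. which private keys need
     to be managed and how (KMS/IAM-backed keys vs personal PGP keys)?
"""
import json
import re

# Shape of a SOPS-encrypted leaf: ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
ENC_RE = re.compile(
    r"^ENC\[AES256_GCM,data:[^,]+,iv:[^,]+,tag:[^,]+,type:(?P<type>[a-z]+)\]$"
)

# Constructed sample document (dummy ciphertext, ARN and fingerprint).
SAMPLE_DOC = {
    "db": {
        "host_unencrypted": "db.internal.example",  # allowed: unencrypted_suffix
        "password": "ENC[AES256_GCM,data:Jmx9b2x5,iv:QUJDREVGR0g=,tag:Y3h5ejEyMzQ=,type:str]",
        "port": "ENC[AES256_GCM,data:MzQ=,iv:QUJDREVGR0g=,tag:Y3h5ejEyMzQ=,type:int]",
    },
    "api_token": "sk-live-not-encrypted",  # finding: plaintext leaked into git
    "sops": {
        "kms": [{"arn": "arn:aws:kms:eu-west-1:123456789012:key/00000000-0000-0000-0000-000000000000",
                 "created_at": "2024-01-01T00:00:00Z", "enc": "AQICAHh..."}],
        "pgp": [{"fp": "0000000000000000000000000000000000000000",
                 "created_at": "2024-01-01T00:00:00Z", "enc": "-----BEGIN PGP MESSAGE-----..."}],
        "lastmodified": "2024-01-01T00:00:00Z",
        "mac": "ENC[AES256_GCM,data:bWFj,iv:QUJDREVGR0g=,tag:Y3h5ejEyMzQ=,type:str]",
        "unencrypted_suffix": "_unencrypted",
        "version": "3.8.1",
    },
}


def leaves(node, path=()):
    """Yield (path, value) for every scalar leaf of a nested dict/list."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, path + (str(index),))
    else:
        yield path, node


def plaintext_leaves(doc):
    """Paths of leaf values that are neither ENC[...] blobs nor exempted
    by the file's unencrypted_suffix (applies to the whole subtree)."""
    suffix = doc.get("sops", {}).get("unencrypted_suffix", "_unencrypted")
    body = {k: v for k, v in doc.items() if k != "sops"}
    found = []
    for path, value in leaves(body):
        if any(part.endswith(suffix) for part in path):
            continue
        if isinstance(value, str) and ENC_RE.match(value):
            continue
        found.append("/".join(path))
    return found


def key_providers(doc):
    """Map provider name -> identifiers of the keys that can decrypt the file."""
    meta = doc.get("sops", {})
    ids = {
        "kms": [e["arn"] for e in meta.get("kms") or []],
        "gcp_kms": [e["resource_id"] for e in meta.get("gcp_kms") or []],
        "age": [e["recipient"] for e in meta.get("age") or []],
        "pgp": [e["fp"] for e in meta.get("pgp") or []],
    }
    return {name: keys for name, keys in ids.items() if keys}


def audit(doc):
    """Return a list of human-readable findings; an empty list means clean."""
    if "sops" not in doc:
        return ["no sops metadata: file is not SOPS-encrypted at all"]
    findings = [f"plaintext value at {p}" for p in plaintext_leaves(doc)]
    providers = key_providers(doc)
    if not providers:
        findings.append("no key provider listed: nothing can decrypt this file")
    if "pgp" in providers:
        findings.append("pgp recipients present: personal long-lived keys, check rotation and offboarding")
    if "mac" not in doc["sops"]:
        findings.append("sops.mac missing: file integrity cannot be verified")
    return findings


if __name__ == "__main__":
    # Usage on a real file: audit(json.load(open("secrets.enc.json")))
    for finding in audit(SAMPLE_DOC):
        print("FINDING:", finding)
```

Run against the sample, the check reports the `api_token` leaf as plaintext and flags the PGP recipient; the `host_unencrypted` entry is accepted because of the suffix. A check like this belongs in CI or a pre-commit hook, since it gives an auditor a concrete answer to "what would a leaked clone of this repository reveal" without decrypting anything.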