hackforla / knowledgebase-content

GNU General Public License v2.0

Create a Guide/Template: Preventing Secrets & Credentials Leaks in GitHub #69

Open gregpawin opened 3 years ago

gregpawin commented 3 years ago

Overview

We need to create a guide to preventing secrets and credentials from being published on GitHub.

Action Items

The phases in the guide-making process are listed below. Each phase displayed in blue is linked to a wiki page with instructions on how to complete that phase. Open the wiki page in a new tab, copy the instructions for each part into the section labeled 'Tasks' at the bottom of this issue, and complete each task listed.

Projects with no mention of "secrets" and/or "credentials" in their Contributing.md or README.md file:

Projects to check

ExperimentsInHonesty commented 3 years ago

@salice Can you share with us:

gregpawin commented 3 years ago

When I published the Lucky Parking secrets, I got the warning within minutes and fixed it right away, which included killing the old credentials and creating new ones.

ExperimentsInHonesty commented 3 years ago

@gregpawin How long did the cleanup take? https://github.com/hackforla/engineering/issues/17#issuecomment-891511226

gregpawin commented 3 years ago

It took less than 30 mins.

ExperimentsInHonesty commented 2 years ago

Sophia's repos with pre-commit hooks: https://github.com/100Automations/github-actions https://github.com/100Automations/pre-commit-hooks

JasonEb commented 2 years ago

Trying to revive and keep a pulse on this issue. @gregpawin is this issue still active for you? Is there anything we can help you with?

gregpawin commented 2 years ago

Sorry, this issue originated from the engineering COP as a part of the effort to create guides for all the COPs. I have since then stepped down from lead engineering COP and it seems that the issue got moved to ops.

JasonEb commented 2 years ago

Thanks so much for the update! We'll follow up with Bonnie and see what's to be done with this issue.


Aditya23soni commented 1 week ago
Prior version of issue

### Overview

We need to create a guide to preventing secrets and credentials from being published on GitHub.

### Action Items

- [ ] Gather examples of how other projects have done it, adding each example as a link in the resources section
- [ ] Once done, remove the "TG: Gather Examples" label and add the "TG: Draft Template" label
- [ ] Create a draft template, either in markdown format in this issue or a google doc in the [Engineering google drive](https://drive.google.com/drive/u/0/folders/1xWllQli2wUSsRF9OaSQBBQ1vaY7kRkAT)
- [ ] Once done, remove the "TG: Draft Template" label and add the "TG: Create Guide" label
- [ ] Create a guide on how to use the template
- [ ] Once done, remove the "TG: Create Guide" label and add the "TG: Review Guide" label
- [ ] Review the guide with product management communities of practice
- [ ] Once done, remove the "TG: Review Guide" label and add the "TG: Leadership Review" label
- [ ] Present to Hack for LA leadership team for sign off
- [ ] Once approved, remove the "TG: Leadership Review" label and add the "TG: Place Guide" label
- [ ] Possibly create an issue template on .github
- [ ] Include link to template under resources if you add it as a template in .github

### Resources

Update tracker issue (TBD) with the name of item you are working

#### Projects with no mention of "secrets" and/or "credentials" in their Contributing.md or README.md file:

- [100 Automations](https://github.com/100automations/website)
- [311 Data](https://github.com/hackforla/311-data)
- [Access the Data](https://github.com/hackforla/access-the-data)
- [BallotNav](https://github.com/hackforla/ballotnav)
- Civic Opportunity Project
- [Civic Tech Index](https://github.com/civictechindex/CTI-website-frontend)
- [Civic Tech Structure](https://github.com/hackforla/civic-tech-structure)
- [Engage](https://github.com/hackla-engage)
- [Expunge-Assist (formerly known as Record Clearance)](https://github.com/hackforla/expunge-assist)
- [Food Oasis](https://github.com/hackforla/food-oasis)

#### Projects to check

- [Brigade Organizer's Playbook](https://github.com/codeforamerica/brigade-playbook)
- [Civic Tech Jobs](https://github.com/hackforla/CivicTechJobs)
- [Data Science Projects](https://github.com/hackforla/data-science)
- [Design Systems](https://github.com/hackforla/design-systems)
- [GreenEarthOS](https://github.com/hackforla/climate-project)
- [Guides](https://github.com/hackforla/guides)
- [HomeUniteUs](https://github.com/hackforla/homeuniteus)
- [Internship project](https://github.com/hackforla/intership)
- [Lucky Parking](https://github.com/hackforla/lucky-parking)
- [Open Community Survey](https://github.com/hackforla/open-community-survey)
- [TDM Calculator](https://github.com/hackforla/tdm-calculator)
- [VRMS](https://github.com/hackforla/vrms)
- [Hack for LA's Website](https://github.com/hackforla/website)
- [Youth Justice Nav](https://github.com/hackforla/YouthJusticeNav/)

Aditya23soni commented 1 week ago
Assignee, Labels, Project Board Placement, and Milestones for this issue in the Ops Repo:

[Image: Screenshot 2024-10-04 at 7 14 20 PM]

Aditya23soni commented 1 week ago

@gregpawin This guide issue is moving to the knowledgebase-content repo. If you would like to maintain edit access to the issue and its associated files, please fill out the Google Drive Access Form.