Some secrets in the current OONI setup are long-term and not revocable. Namely, bouncer key. Maybe others (e.g. hardcoded onion names of some collectors, THs and other endpoints -- that has to be inspected).
This items should be protected from disk damage, but both I and @hellais do not feel okay committing them to ooni/sysadmin repository even with ansible-vault AES encryption.
The plan is that alike backup file should:
be created with some semi-automatic procedure
be encrypted with PGP keys of people in adm_logins (@hellais, @darkk and @bassosimone), basically, following the idea of root-passwd
go to separate bucket named like ooni-passwords-keys-and-secrets under OONI AWS account
be uploaded there manually to avoid possible mistakes with API tokens
hellais
commented
4 years ago
Some secrets in the current OONI setup are long-term and not revocable. Namely, bouncer key. Maybe others (e.g. hardcoded onion names of some collectors, THs and other endpoints -- that has to be inspected). This items should be protected from disk damage, but both I and @hellais do not feel okay committing them to
ooni/sysadminrepository even withansible-vaultAES encryption. The plan is that alike backup file should:adm_logins(@hellais, @darkk and @bassosimone), basically, following the idea ofroot-passwdooni-passwords-keys-and-secretsunder OONI AWS account