(Feat): Interacting with projects programmatically #1400
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 9387832 | Triggered | Generic Password | 04c12d9 | backend/src/db/seeds/1-user.ts | View secret |
| 9387832 | Triggered | Generic Password | 0cecf05 | backend/src/db/seeds/1-user.ts | View secret |
| 9387832 | Triggered | Generic Password | f2c36c5 | backend/src/db/seeds/1-user.ts | View secret |
| 9387832 | Triggered | Generic Password | faa842c | backend/src/db/seeds/1-user.ts | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
DanielHougaard
force-pushed
the
daniel/ghost-users-full
branch
3 times, most recently
from
b7278d0
to
ae4fa7e
Compare
DanielHougaard
requested review from
akhilmhdh,
dangtony98,
vmatsiiako and
maidul98
and removed request for
akhilmhdh and
dangtony98
DanielHougaard
force-pushed
the
daniel/ghost-users-full
branch
from
9ab242e
to
a9f0474
Compare
There was a problem hiding this comment.
One more question. As we are polling the system. Are we blocking user interactions.
Because what will happen if user's does something while the indexing is happening behind the scene. Blind index didn't had this issue because those secrets were never accessible by end users. But this case is not
...retApprovalPage/components/SecretApprovalRequest/components/SecretApprovalRequestChanges.tsx
Outdated
Show resolved
Hide resolved
frontend/src/components/v2/UpgradeProjectAlert/UpgradeProjectAlert.tsx
Outdated
Show resolved
Hide resolved
This is an interesting case yea. I agree, we should to some degree block secret mutations while an upgrade is happening. I've just pushed a change that blocks secret write operations if an upgrade is active. You can check it out here. |
|
Note: API breaking change checker will fail because we've removed |
DanielHougaard
force-pushed
the
daniel/ghost-users-full
branch
from
f47c479
to
602933c
Compare
DanielHougaard
force-pushed
the
daniel/ghost-users-full
branch
from
995a81d
to
554f0cf
Compare
Description 📣
This PR introduces a new concept called ghost users. Due to the nature of Infisical's end-to-end encryption structure, it was previously not possible to interact with projects programmatically through the API and other consuming applications. By introducing ghost user's, we're slowly moving to a more industry-standard way of storing secrets securely, while at the same time improving the user experience for everyone.
To sum it up. The main purpose of the PR is to make the API more user-friendly, and to introduce a better approach as to how we securely store secrets. Existing projects will get an option to upgrade to the new ghost user logic. All new projects will be created with the ghost logic by default.
Type ✨