Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Component: Secrets #5260

Open
6 tasks
StachuDotNet opened this issue Jan 14, 2024 · 0 comments
Open
6 tasks

Component: Secrets #5260

StachuDotNet opened this issue Jan 14, 2024 · 0 comments
Labels
later Let's think about this later -- we have some higher-priority things to work through first

Comments

@StachuDotNet
Copy link
Member

StachuDotNet commented Jan 14, 2024

This Issue exists to collect many items that relate to "Secrets" in Darklang -- a managed system of creating encrypted values such as passwords, referencing/using them, and protecting them from parties who shouldn't have access.

Before working on any of this, we need to get a bit further along with our baseline CLI and editing experience.

  • bring back Secrets in darklang-next locally
    • take inspiration from james
  • Allow adding documentation to secrets
    • When a user adds a secret, there's often useful information to go with it, such as a description, or how to set it or change it. As I add some API keys to an app, I find I want a link to the documentation, and also a link to how to change the key. If possible, a user might want to link to the upstream "resource" (maybe a page for that key on the vendor's dashboard).
  • support deleting secrets (see old Support deleting Secret Keys #2815)
  • Add regular notification of secrets
    • Users might set up Dark with a secret and then forget about it, which increases the attack surface should dark be compromised.
    • To help with this, we should send regular notifications to customers listing the names of secrets they have stored on the platform. Maybe a monthly or quarterly email that they can configure in settings.
  • thoughts: "prevent accidental exposure" (see old Secrets: Prevent Accidental Exposure #3709)
    • todo: extract the individual ideas here
@StachuDotNet StachuDotNet added later Let's think about this later -- we have some higher-priority things to work through first needs-review I plan on going through each of the issues and clarifying them -- this is to mark remaining issues labels Feb 8, 2024
@StachuDotNet StachuDotNet removed the needs-review I plan on going through each of the issues and clarifying them -- this is to mark remaining issues label Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
later Let's think about this later -- we have some higher-priority things to work through first
Projects
None yet
Development

No branches or pull requests

1 participant