Implement Checksums and Signatures to allow for protecting against collisions of resources #7

Open
the-avid-engineer opened this issue Apr 11, 2023 · 0 comments


the-avid-engineer commented Apr 11, 2023

Solves #2

Deployment would store some kind of metadata that can be retrieved before deployment for existing stacks.

A Checksum can always be generated from the request to update the template.

A Signature can be generated if the CLI is given a private key by cryptographically hashing the Checksum.

dotnet <tool> deploy <configuration key> --signing-key <private key>

If a Signing Key is given, then before deploying an existing stack, verify the stack's signature against the checksum using the signing key.

  • If the deployment does not have a Signature, continue with deployment
  • If deployment has a Signature, but it doesn't match the Checksum, the deployment is aborted

As part of deployment:

  • Generate a Checksum and persist it to the stack
  • If a Signing Key is given, generate a Signature and persist it to the stack

AWS CloudFormation

Perhaps use reserved Tags deploy:Checksum and deploy:Signature?
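
The Checksum, Signature and pre-deployment check described in this issue, sketched in C# as an added example (not the project's code). It assumes SHA-256 for the Checksum, HMAC-SHA256 keyed with the signing key for the Signature, and that verification compares the existing stack's stored Signature with its stored Checksum; the class and method names are hypothetical.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not the project's code. Class and method names are hypothetical.
public static class DeploymentGuard
{
    // Tag names as floated in the issue.
    public const string ChecksumTag = "deploy:Checksum";
    public const string SignatureTag = "deploy:Signature";

    // Assumption: the Checksum is SHA-256 over the template body in the update request.
    public static string Checksum(string templateBody) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(templateBody)));

    // Assumption: the Signature is HMAC-SHA256 of the Checksum under the signing key.
    public static string Sign(string checksum, byte[] key) =>
        Convert.ToHexString(HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(checksum)));

    // Gate run against the existing stack's tags: true = continue, false = abort.
    public static bool MayDeploy(IReadOnlyDictionary<string, string> stackTags, byte[]? key)
    {
        if (key is null) return true;                                             // no key: nothing to verify
        if (!stackTags.TryGetValue(SignatureTag, out var storedSig)) return true; // unsigned stack
        if (!stackTags.TryGetValue(ChecksumTag, out var storedSum)) return false; // assumed: treat as mismatch
        try
        {
            // Constant-time comparison of the stored signature with the recomputed one.
            return CryptographicOperations.FixedTimeEquals(
                Convert.FromHexString(storedSig),
                HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(storedSum)));
        }
        catch (FormatException) { return false; }                                 // malformed tag value
    }

    public static void Main()
    {
        byte[] teamA = Encoding.UTF8.GetBytes("constructed-key-team-a"); // constructed sample keys
        byte[] teamB = Encoding.UTF8.GetBytes("constructed-key-team-b");
        string sum = Checksum("Resources: {}");                          // constructed template body
        var tags = new Dictionary<string, string> { [ChecksumTag] = sum, [SignatureTag] = Sign(sum, teamA) };

        Console.WriteLine(MayDeploy(tags, teamA));                             // stack signed with the same key
        Console.WriteLine(MayDeploy(tags, teamB));                             // stack signed with a different key
        Console.WriteLine(MayDeploy(new Dictionary<string, string>(), teamB)); // stack without a Signature tag
    }
}
```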

the-avid-engineer changed the title from "Implement Deployment Signing to allow for protecting against collisions and prevent back-to-back deployments causing unnecessary waiting cycles." to "Implement Checksums and Signatures to allow for protecting against collisions and prevent back-to-back deployments causing unnecessary waiting cycles." on Apr 11, 2023
the-avid-engineer changed the title from "Implement Checksums and Signatures to allow for protecting against collisions and prevent back-to-back deployments causing unnecessary waiting cycles." to "Implement Checksums and Signatures to allow for protecting against collisions and prevent back-to-back deployments from unnecessarily extending waiting cycles." on Apr 11, 2023
the-avid-engineer changed the title from "Implement Checksums and Signatures to allow for protecting against collisions and prevent back-to-back deployments from unnecessarily extending waiting cycles." to "Implement Checksums and Signatures to allow for protecting against collisions of resources" on Apr 11, 2023