Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Assignment Proposal
Title
Secure your git and CD pipeline with SOPS.
Names and KTH ID
Deadline
Category
Description
In this assignment we will demonstrate how to securely store sentitive files in git using SOPS: an open-source tool specially created for encrypting and decrypting the values in the configuration files of the software application that is being developed. We will first quickly showcase how passwords stored in configuration files can be a vulnerability. Then, we will quickly deploy SOPS and secure our CD pipeline. Our goal is to showcase how a simple script can greatly improve the security of the delivery process.
In this demo we aim to demonstrate that the gap between "proper security" (e.g. using Vault and dynamic keys) and "no security" (storing passwords in files) can be filled with minimal effort.
Relevance
Implementing security mechanisms is itself an entire task. Especially in the starting phase, the focus is always put on functionality and features, and thus, security has a tendency to be left behind. That is at least until the application reaches a certain level of maturity where proper security becomes less of a feature and more of a requirement. But, until that happens, a lot of software is left defenseless in the face of potential attackers. Thus, even minimal security, such as encrypting the passwords in configuration files, can make a huge difference. It is then important that developers are at least aware of the potential solutions that could be implemented "in the meantime".