Managing Secrets Safely with Version Control Systems
[ UUID ] 5db76deb-fdd3-4cb4-aca3-389660607f10
[ Session Name ] Managing Secrets Safely with Version Control Systems
[ Primary Space ] Openness
[ Secondary Space ] Privacy and Security
[ Submitter's Name ] Chris Otta
[ Submitter's Affiliated Organisation ] LakeHub
[ Submitter's GitHub ] @ottagit
What will happen in your session?
A hands-on micro-workshop on the basics of managing secret data (usernames/passwords, SSH keys, API keys, names of databases or internal servers) securely with Git when collaborating on shared public repositories.
The session contains sections as follows:
- Participants jot down (on Post-it notes) their favorite version control systems (VCSs) and discuss the reasons for their preferences
- Two people share their stories of instances when they inadvertently shared secret data on a shared public repository (personal, team or organization), jeopardizing their work in the process
- Participants jot down and discuss ways of mitigating exposure of secret data when contributing to public projects
- Hack with git-crypt as an example tool for safely managing secret data when collaborating on public project repositories
What is the goal or outcome of your session?
- A collection of ideas on data that ought NOT to be stored in a Git (or any VCS) repository, and an understanding of the reasons why
- A basic understanding of available software tools and services for protecting sensitive data and coordinating the necessary access during deployment of Git repositories, and their pros and cons
If your session requires additional materials or electronic equipment, please outline your needs.
A projector and office supplies, including paper, pens and Post-it notes, will be enough for this session.
Time needed
60 mins