stackoom
  简体   繁体   中英

How to securely encrypt secrets over Github Webhooks?

 原文  2017-02-10 20:54:48       security/ encryption/ github/ webhooks

Question

I have a service running on a server that updates and restarts itself whenever I push new code to the repository using Github Webhooks. It has access to a bunch of databases, and the credentials for those databases are hard coded into a config file. I want to encrypt the config file and only decrypt it into memory when the service starts.

Since I have the service being started, it's looking like the encryption key will need to exist on the web server, which defeats the point of encrypting the file in the first place.

Can I use some authentication property of Github as the encryption key or in some other way pass a key to the server that isn't saved to disk? How should this file be secured?

1 answers

solution1
 2 ACCPTED  2017-02-11 00:09:19

How should this file be secured?

Not by GitHub or anything Git related.

You need either:

But GitHub itself only hosts repo, it does not manage secrets.
A GitHub webhook is just a callback, meaning there mush be a service listening to that callback.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to encrypt pdf files securely How to securely build a key vault with secrets with terraform How can an application store secrets in Google Cloud Datastore securely? Accessing Key Vault secrets securely How to securely encrypt many similiar chunks of data with the same key? How to securely save the redux-persist-transform-encrypt key? How to send password securely over HTTP? OAuth 1.0a, 2-legged: how do you securely store clients' credentials (keys/secrets)? Securely and automatically push to Github How to securely allow Github Actions to check PR and post results in comment
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM