fediversity/fediversity
13
2
Fork 6
Code Issues 157 Pull requests 29 Projects 1 Activity Actions

Replace snakeoil-key with proper secret #87

New issue
Open
opened 2025-01-31 10:17:09 +01:00 by fricklerhandwerk · 1 comment
fricklerhandwerk commented 2025-01-31 10:17:09 +01:00
Owner
Copy link

Currently the pixelfed service definition hardcodes a service secret. Can't deploy it to production that way. Replace it with a managed secret.

implementation notes

c.f.:

Currently the [pixelfed service definition](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/services/fediversity/pixelfed.nix) hardcodes a service secret. Can't deploy it to production that way. Replace it with a managed secret. ### implementation notes c.f.: - SelfHostBlocks [SSL contract](https://shb.skarabox.com/contracts-ssl.html) - openbao's [PKI secrets engine](https://openbao.org/docs/secrets/pki/) (needs #493)
Niols was assigned by fricklerhandwerk 2025-01-31 10:17:16 +01:00
Niols commented 2025-01-31 14:09:11 +01:00
Owner
Copy link

This issue is not only for Pixelfed; all three services share this.

This issue is not only for Pixelfed; all three services share this.
Niols changed title from Pixelfed: Replace snakeoil-key with proper secret to Replace snakeoil-key with proper secret 2025-01-31 14:09:17 +01:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
ci/pixelfed
pixelfed-ci
No results found.
Labels
Clear labels   
0 points

fibonacci complexity: 0 points

  
0.5 points

fibonacci complexity: 0.5 points

  
1 point

fibonacci complexity: 1 point

  
13 points

fibonacci complexity: 13 points

  
2 points

fibonacci complexity: 2 points

  
21 points

fibonacci complexity: 21 points

  
3 points

fibonacci complexity: 3 points

  
34 points

fibonacci complexity: 34 points

  
5 points

fibonacci complexity: 5 points

  
55 points

fibonacci complexity: 55 points

  
8 points

fibonacci complexity: 8 points

  
api service

features that may relate more to a (to be created) API service

  
blocked

   
component: fediversity panel

   
component: nixops4

   
documentation

   
estimation high: >3d

   
estimation low: <2h

   
estimation mid: <8h

   
infinite points

fibonacci complexity: infinite points

  
productisation

features out-scoped with the decoupling of the productisation effort

  
project-management

Project management related tasks

  
question

   
role: application developer

   
role: application operator

   
role: hosting provider

   
role: maintainer

   
security

   
technical debt

   
testing

   
type unclear

   
type: bug

Anything that doesn't work as advertised

  
type: deliverable

   
type: key result

   
type: objective

   
type: task

   
type: user story

   
user experience
No labels
0 points
0.5 points
1 point
13 points
2 points
21 points
3 points
34 points
5 points
55 points
8 points
api service
blocked
component: fediversity panel
component: nixops4
documentation
estimation high: >3d
estimation low: <2h
estimation mid: <8h
infinite points
productisation
project-management
question
role: application developer
role: application operator
role: hosting provider
role: maintainer
security
technical debt
testing
type unclear
type: bug
type: deliverable
type: key result
type: objective
type: task
type: user story
user experience
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
Niols
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks
#155 Address CI friction between security and caching
fediversity/fediversity
#291 code passes security check
fediversity/fediversity
Reference: fediversity/fediversity#87
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?