an invention by mdati
Description
The scope here is to prevent reserved or, more generally, "unwanted" data from being pushed and saved to a public repository (e.g. on GitHub), which would disclose or leak confidential information.
What counts as reserved or "unwanted" varies with the context: secret keys or passwords are sometimes stored in data or configuration files or hardcoded in source code, and depending on the purpose of the archive and the required level of security this may be acceptable, permitted, or not allowed at all.
The main targets here are secrets such as registration keys or passwords, to be detected and handled locally or in a CI pipeline.
Goals
Detection:
- Local detection: detect secret words present in local files;
- Remote detection: detect secrets in files that are about to be transferred to a remote repository (e.g. via git push), as a step in a pipeline;
Reporting:
- report the result of the detection on stderr and/or in log files, taking care to exclude the secret values themselves.
Action:
- Handle a detection by deleting or masking the affected code, deleting or moving the file itself, or simply notifying about it.
Resources
- Project repository, published on GitHub: m-dati/hkwk24;
- Reference folder: hkwk24/chksecret;
- First pull request: PR#1;
- Second PR, for improvements: PR#2;
- README.md and TESTS.md documentation files available in the repo root;
- Test subproject repository, for testing CI on push [TBD].
Notes
The secret-word patterns used here are only examples and can still be improved.
The patterns that match the reserved words are kept in a separate module, so they can be updated or customized on demand.
[Legend: TBD = to be done]
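The Goals above (detection, reporting without the secret values, masking/notification) and the Notes about a separate pattern module can be put together in a few dozen lines. The following is an added example written for this page, not the project's own code from the hkwk24 repository: the rule names, the three regular expressions and the constructed Perl sample are assumptions, and AKIAIOSFODNN7EXAMPLE is the example access key ID from the AWS documentation.

```python
"""Minimal secret scanner: a separate pattern table, per-line detection,
reporting with the secret value masked, and a masking action usable as a
git hook. Added example for this page, not the hkwk24 project's code."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Optional

REDACTED = "<REDACTED>"


@dataclass(frozen=True)
class Rule:
    name: str
    regex: "re.Pattern[str]"
    # Capture group holding the secret value; None marks rules whose match is
    # only a marker (a private-key header): nothing to mask, the file should go.
    value_group: Optional[int]


# Pattern table, kept apart from the scanner so it can be extended or customised
# on demand. These three rules are illustrative assumptions, not the project's.
RULES: List[Rule] = [
    # AWS access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
    Rule("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0),
    # name = value, name: value or name => value (Perl hashes); value is group 1.
    Rule(
        "credential-assignment",
        re.compile(
            r"(?i)\b\w*(?:password|passwd|pwd|secret|api[_-]?key|token)\w*"
            r"\s*(?:=>|[:=])\s*['\"]?([^'\"\s]{6,})['\"]?"
        ),
        1,
    ),
    Rule("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"), None),
]


@dataclass(frozen=True)
class Finding:
    path: str
    lineno: int
    rule: str
    preview: str  # the offending line with every secret value already masked


def _masked_match(m: "re.Match[str]", group: Optional[int]) -> str:
    """Return the matched text with the captured secret value replaced."""
    s = m.group(0)
    if group is None:
        return s
    return s[: m.start(group) - m.start()] + REDACTED + s[m.end(group) - m.start():]


def mask_secrets(text: str, rules: Iterable[Rule] = RULES) -> str:
    """Action: rewrite the content with every detected secret value replaced."""
    for rule in rules:
        text = rule.regex.sub(lambda m, g=rule.value_group: _masked_match(m, g), text)
    return text


def scan_text(path: str, text: str, rules: Iterable[Rule] = RULES) -> List[Finding]:
    """Local detection: one Finding per (line, rule). The preview is built from
    the fully masked line, so a line holding two secrets leaks neither."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = [rule.name for rule in rules if rule.regex.search(line)]
        if hits:
            preview = mask_secrets(line, rules)
            findings.extend(Finding(path, lineno, name, preview) for name in hits)
    return findings


def report(findings: List[Finding], stream=sys.stderr) -> None:
    """Reporting: location and rule name on stderr; values never appear."""
    for f in findings:
        print(f"{f.path}:{f.lineno}: [{f.rule}] {f.preview}", file=stream)


# Constructed sample Perl snippet (not from the project); the AKIA... value is
# the example access key ID used in the AWS documentation.
SAMPLE = """my $username = "mdati";
my $password = "hunter2-secret";
my %cfg = (api_key => 'abcdef123456', aws_access_key_id => 'AKIAIOSFODNN7EXAMPLE');
-----BEGIN RSA PRIVATE KEY-----
"""


def main(argv: List[str]) -> int:
    """Hook usage: `chksecret.py FILE...` exits 1 when anything was found."""
    findings: List[Finding] = []
    for name in argv:
        findings += scan_text(name, Path(name).read_text(errors="replace"))
    report(findings)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run over the constructed sample this reports line 2 (credential assignment), line 3 twice (the AWS key ID and the api_key value) and line 4 (private-key header), all with the values replaced by the placeholder; called from a pre-commit or pre-push hook, or from a CI step, with the changed files as arguments, the non-zero exit code is what blocks the transfer. The private-key rule has no value group on purpose: masking the header would leave the key body in place, so the only sensible action for such a file is to remove or move it.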
This project is part of:
Hack Week 24
Activity
Comments
12 months ago by mdati
This project was completed at a first phase: a simple Python program to inspect a desired local Perl (but not only) code file (see links in Resources).
The next step should be to set up a workflow and make it run on code going to be published on a remote repo: but this will come next [TBD]
Bye!
Similar Projects
concierge: a distributed object-capabilities-based secret management tool implemented with Spritely Goblins by gleidi
Description
The idea is to build a FOSS command-line (for now) secrets management tool, in the vein of SOPS or HashiCorp Vault which you may have heard of, with Spritely Goblins.
Goblins is a distributed object programming environment. It provides an intuitive security model, automatic local transactions for locally synchronous operations, and an easy to use and efficient asynchronous programming interface for encapsulated objects which can live anywhere on the network. Its networking model abstracts away these details so the programmer can focus on object programming rather than protocol architecture.
Goblins also integrates powerful distributed debugging tools, and a process persistence and upgrade model which respects its security fundamentals.
Goals
- learn more about distributed object capabilities environments
- create a Goblins application able to serialize encrypted secrets and allow only the read capability owner to read the serialized secrets.
Resources
- https://codeberg.org/fishinthecalculator/concierge
- https://spritely.institute/goblins/
- https://www.gnu.org/software/guile/manual/guile.html
Looking at whether Rust could be an interesting programming language by jsmeix
Get some basic understanding of Rust security related features from a general point of view.
This Hack Week project is not to learn Rust to become a Rust programmer. This might happen later but it is not the goal of this Hack Week project.
The goal of this Hack Week project is to evaluate if Rust could be an interesting programming language.
An interesting programming language must make it easier, not harder, to write code that is correct and stays correct as others maintain and enhance it over time.