karouf (Member) commented Sep 19, 2025

Transition to Secure GitHub Actions Workflows (STEP-18 Compliance)

As part of our security enhancements, we have done the legwork to migrate approximately 100 of our 420 repositories left to no longer store secrets on GitHub servers, complying with STEP-18. We need your help to finalize this transition.
This change is required by Platform Security for all repositories that use GitHub Actions workflows.

Why This Change?

  • To eliminate the storage of sensitive data on GitHub servers, securing our operations.

What to Do?

  • Review this PR to confirm that your workflows behave as expected with the new secrets handling method.
  • Test the workflows manually if possible, especially on this PR branch.
  • Make sure to merge this PR by 15th September. Past this date, any remaining PRs will be force merged by the Platform Security team.

Need Help?

Next Steps

  • Post-merger, be vigilant for any potential failures and address them promptly to maintain smooth operations.

karouf (Member, Author) commented Sep 22, 2025

Compilation issues are not related to the changes made for STEP-18. I can reproduce locally and tried building the Docker image for commit d4d6ae1 which was fine before and it's now failing...

karouf marked this pull request as ready for review September 22, 2025 08:06
karouf merged commit 4b8161f into main Sep 22, 2025
5 of 7 checks passed
karouf deleted the EN-2932-Migrate-secrets-usage-to-STEP-18-for-Doctolib-Org branch September 22, 2025 13:41
karouf added a commit that referenced this pull request Sep 24, 2025
karouf added a commit that referenced this pull request Oct 6, 2025
As discussed with @benassipaul and @bpaquet this repo needs to use an
ARN to push the Docker image but as an org we don't want to expose this
ARN so it will be set up as a GHA secret.

- **Revert "feat(EN-2932): Migrate github secrets to vault (#56)"**
- **Revert "feat(EN-2932): Migrate github secrets to vault (#55)"**