You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To specify an encryption environment to untrust the user on, set the standard App-Config environment variables (`ENV`, `NODE_ENV`, or `APP_CONFIG_ENV`).
99
+
If no environment is specified, the user will be untrusted on the `default` environment.
100
+
101
+
To completely untrust a user from your project you must untrust them from all encryption environments they were trusted on.
102
+
95
103
::: warning
96
104
While the above is true, be wary of how the timeline of events interacts with version control.
97
105
:::
@@ -107,13 +115,20 @@ This key (public + private) can be added as protected environment variables in y
107
115
108
116
The CLI will output both of these with instructions.
109
117
118
+
To use different keys for different secret environments suffix the environment variable names with the name of the environment.
119
+
For example - to specify the keys that will be used in an environment called `production` use these environment variables:
120
+
121
+
-`APP_CONFIG_SECRETS_KEY_PRODUCTION`
122
+
-`APP_CONFIG_SECRETS_PUBLIC_KEY_PRODUCTION`
123
+
110
124
## Implementation Details
111
125
112
-
- We store a list of team members public keys in meta files
113
-
- We store a list of 'encryptionKeys' (symmetric keys) in meta files
126
+
- We store a list of team members public keys per encryption environment in meta files
127
+
- We store a list of 'encryptionKeys' (symmetric keys) per encryption environment in meta files
114
128
- Keys are symmetric, but are themselves stored in encrypted form (encrypted by team members' public keys, which allows any team member to decrypt it)
115
129
- Once the key is given to somebody, they can always decrypt secrets that were encrypted with it
116
130
- Keys have 'revision' numbers, so we can use the latest one (revision is embedded into the password itself, to prevent tampering in the YAML)
131
+
- The encryption environment is included in the revision to determine which symmetric key set to use to decrypt the secret
117
132
- By keeping revisions, we can untrust a user without having to re-encrypt every secret made before
118
133
- You'd likely still want to rotate most passwords, but doing so automatically (dumping out YAML files everywhere) would be extremely difficult to do right
119
134
- The secrets are already compromised, so manual intervention is needed regardless
@@ -146,6 +161,29 @@ It serves no logical roles, it's simply there as metadata for you to identify wh
It can be useful to have different levels of trust on the same repository. For example, it may make sense for your project to have fewer people able to decrypt the secrets used on production then the secrets for a QA environment.
182
+
183
+
To add secret environments to an existing project just move your existing `teamMembers` and `encryptionKeys` values under a `default` property.
To create a new encryption environment use the `init-key` CLI subcommand while setting one of the standard App-Config environment variables (`ENV`, `NODE_ENV`, or `APP_CONFIG_ENV`) with the new encryption environment.
0 commit comments