digger icon indicating copy to clipboard operation
digger copied to clipboard

Published 20 hours ago verified publisher icon diggerhq

Support sops secret encryption

Open ZIJ opened this issue 1 year ago • 1 comments

Currently supporting sops would require granting the orchestrator backend privileges to decrypt them, because it checks out the repo prior to starting the jobs. This is not ideal from security / compliance standpoint; we'd want to keep the high-privilege operations confined within the CI job whenever possible.

Potential solution: move parsing logic to a warmup job

ZIJ avatar Feb 01 '24 16:02 ZIJ

Potential solutions:

  • https://github.com/diggerhq/digger/issues/1107

ZIJ avatar Feb 01 '24 17:02 ZIJ