website icon indicating copy to clipboard operation
website copied to clipboard

Published 20 hours ago verified publisher icon hackforla

Create a wiki page about best practices for maintaining GitHub secrets

Open SAUMILDHANKAR opened this issue 2 years ago • 9 comments

Overview

As a developer, I would like all the secrets being used in the website repo to be well maintained. In this issue, we will create a wiki page about the best practices for maintaining and resetting secrets in GitHub repos.

Action Items

  • [ ] Explore how GitHub secrets and tokens work.
  • [ ] Research the best practices for resetting secrets in general, including the Audit and rotate registered secrets as well as Audit how secrets are handled sections in this helpful article on using secrets.
  • [ ] Decide on what would be the best place to add your research to HfLA wiki pages
  • [ ] Create a wiki page and list your recommendations/suggestions that might be helpful for the website team going forward.
  • [ ] Once done, reach out to the leads or merge team in a team meeting or on slack for a review, since there won't be any PR created for this issue.
  • [ ] For reviewers: Once this issue is approved and closed, check off the dependency in #3228, remove the dependency label and move issue #3228 from ice box column to the new issue approval column.

Resources/Instructions

SAUMILDHANKAR avatar Jun 22 '22 23:06 SAUMILDHANKAR

Hi @SAUMILDHANKAR.

Good job adding the required labels for this issue. The merge team will review the issue and add a "Ready for Milestone" label once it is ready for prioritization.

Additional Resources:

github-actions[bot] avatar Jun 22 '22 23:06 github-actions[bot]

@SAUMILDHANKAR There will need to be an action item to add something to the wiki so that people in the future can find the document. Also, as much as possible should be added to the wiki except where it compromises security.

ExperimentsInHonesty avatar Jun 26 '22 15:06 ExperimentsInHonesty

@ExperimentsInHonesty I have added an action item to add the research information to a wiki page. This issue won't have any secure information related to our repo so all of the research can go on the wiki page. Thanks.

SAUMILDHANKAR avatar Jun 26 '22 23:06 SAUMILDHANKAR

@SAUMILDHANKAR Is this ready for a "ready for milestone" label? If yes, please add the "ready for milestone" label and remove the "ready for dev lead" label. Thanks.

JessicaLucindaCheng avatar Aug 02 '22 00:08 JessicaLucindaCheng

Hi @blulady, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:- i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?) ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)

github-actions[bot] avatar Sep 19 '22 02:09 github-actions[bot]

availability: 22-9-23/26 eta: 22-9-29

blulady avatar Sep 21 '22 03:09 blulady

Progress update: got side tracked Availability: 22-10-1/2 ETA: 22-10-3

blulady avatar Sep 28 '22 02:09 blulady

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Tuesday, October 4, 2022 at 12:32 AM PST.

github-actions[bot] avatar Oct 07 '22 07:10 github-actions[bot]

Progress: sitting down with this now Blockers: just haven't had time Availability: 6 hours this week Eta: unknown Pictures: None, probably won't be any, we'll see

blulady avatar Oct 11 '22 17:10 blulady

Progress: have searched the internet for best practices, did speak with a dev about how they handle theirs -very project specific, recommends changing often especially if we have logs because they can print out the secrets Blockers: haven't found a good protocol to apply, need to talk it over with the team Availability: 6 hours this week Eta: unknown Pictures: None, probably won't be any, we'll see

blulady avatar Oct 19 '22 02:10 blulady

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Tuesday, October 25, 2022 at 12:20 AM PST.

github-actions[bot] avatar Oct 28 '22 07:10 github-actions[bot]

Progress: Have spoken to mentor/other Developers about GH Secrets maintenance was advised to change regularly and that often times they can be printed out by logs Blockers: Other more pressing concerns have prevented me from having a discussion with the team about how we want to handle this Availability: a few hours on Monday ETA: After I speak with everyone else, I am looking forward to making a formal write up

blulady avatar Oct 28 '22 19:10 blulady

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, November 7, 2022 at 11:21 PM PST.

github-actions[bot] avatar Nov 11 '22 07:11 github-actions[bot]

Talking to Devs this weekend.

blulady avatar Nov 17 '22 18:11 blulady

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, November 21, 2022 at 11:17 PM PST.

github-actions[bot] avatar Nov 25 '22 07:11 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, November 28, 2022 at 11:17 PM PST.

github-actions[bot] avatar Dec 02 '22 07:12 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, December 5, 2022 at 11:16 PM PST.

github-actions[bot] avatar Dec 09 '22 07:12 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, December 12, 2022 at 11:15 PM PST.

github-actions[bot] avatar Dec 16 '22 07:12 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, December 19, 2022 at 11:16 PM PST.

github-actions[bot] avatar Dec 23 '22 07:12 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, December 26, 2022 at 11:15 PM PST.

github-actions[bot] avatar Dec 30 '22 07:12 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, January 2, 2023 at 11:15 PM PST.

github-actions[bot] avatar Jan 06 '23 07:01 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, January 9, 2023 at 11:16 PM PST.

github-actions[bot] avatar Jan 13 '23 07:01 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, January 16, 2023 at 11:16 PM PST.

github-actions[bot] avatar Jan 20 '23 07:01 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, January 23, 2023 at 11:16 PM PST.

github-actions[bot] avatar Jan 27 '23 07:01 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, January 30, 2023 at 11:17 PM PST.

github-actions[bot] avatar Feb 03 '23 07:02 github-actions[bot]

@blulady If you are not working on this anymore, can you finish making your notes and stick it back in the backlog?

ExperimentsInHonesty avatar Feb 07 '23 01:02 ExperimentsInHonesty

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, February 6, 2023 at 11:17 PM PST.

github-actions[bot] avatar Feb 10 '23 07:02 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

Progress: "What is the current status of your project? What have you completed and what is left to do?" Blockers: "Difficulties or errors encountered." Availability: "How much time will you have this week to work on this issue?" ETA: "When do you expect this issue to be completed?" Pictures (optional): "Add any pictures of the visual changes made to the site so far." If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

Adaakal avatar Feb 10 '23 21:02 Adaakal

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, February 13, 2023 at 11:17 PM PST.

github-actions[bot] avatar Feb 17 '23 07:02 github-actions[bot]

@blulady

Please add update using the below template (even if you have a pull request). Afterwards, remove the '2 weeks inactive' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the developer meeting discussion column and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel.

You are receiving this comment because your last comment was before Monday, February 20, 2023 at 11:17 PM PST.

github-actions[bot] avatar Feb 24 '23 07:02 github-actions[bot]