How to encript or secure the keys while pushing to GIT? - spring

I am using developing the application using Spring Boot, there are some secret keys has to be added to the files but while committing and pushing the file to Git it must not be visible to the public.
As those keys in the files need to be secure, how to provide the security or any encryption to those files??

As mentioned, don't push these files to a public repo, or any repo where you think other developers on the team should not have access.
You can easily ensure these files don't somehow get committed by using a .gitignore file:
gitignore - Specifies intentionally untracked files to ignore
See: .gitignore documentation
Here is a collection of useful .gitignore configurations: A collection of useful .gitignore templates
Rather than using encryption, it would be better to use a directory and repo structure as follows:
Project directory: All project files, no secrets.
Secrets directory: Secrets only.
Project repo: Public repository.
Secrets repo: Private repository giving access to trusted developers.
Then within your project you simply reference the necessary secrets in the secrets directory.
If you do decide to use GPG encryption (not recommended as then you have to remember not to by mistake push an un-encrypted file), you can use a basic symmetric cipher. On a Unix machine, install gpg and then use the following terminal command - it will request a password and generate an encrypted .gpg file.
-c, --symmetric encryption only with symmetric cipher
gpg -c secrets.txt

You should save that keys as an environment variables.
How to store and retrieve that values will depend on the tools you used.
In your case, I think Spring framework can do really.
Hope you get the logic and can find out how to achieve that in Spring or server that you used.

Related

Can I use .gitignore or .git/info/exclude to impede specific users from pulling/pushing files that are deemed "restricted" to them?

I'm hosting a bare repository on Windows Server 2008 with Windows Git and OpenSSH.
For legal reasons, I want some files to be inaccessible for a specific user but remain accessible to all other users. In other words, I want certain "restricted" files to be ignored (non-pullable) for a specific user.
Assume we have two users (Administrator and Guest) and a Git repository with 2 files : (a.txt and b.txt).
Assume "b.txt" is a restricted file that Guest should not have access to.
git clone guest#ipaddress:C:/path/to/repository.git or
git pull guest#ipaddress:C:/path/to/repository.git
should clone or pull "a.txt"
git clone administrator#ipaddress:C:/path/to/repository.git or
git pull administrator#ipaddress:C:/path/to/repository.git
should clone or pull both files.
Is there a way to achieve this result with .gitignore or .git/info/exclude?
Is there a way to achieve this result with .gitignore or .git/info/exclude?
No.
Git is all about commits, and pull (really, git fetch) and push operations transfer commits. Commits contain files—a commit consists partly of data (a snapshot) and partly of metadata (information about the snapshot)—and you either have a commit, in which case you have all the files, or you don't have a commit, in which case you don't have all the files.
Files that need restrictions for whatever reasons—legal, corporate, or otherwise—must either not be in Git at all, or stored in some sort of pre-secured fashion (e.g., encrypted). In general the "not in Git at all" approach tends to work best. Consider storing, in Git, the URL of a restricted Web site that stores the actual file.
It's not possible to restrict user access to only parts of a repository. gitignore files are designed to prevent people from accidentally checking in code they didn't intend, not to restrict access to code already in the repository.
Even solutions that limit access to refs can be bypassed by a clever attacker in a way that lets them exfiltrate data from the repository. You should assume anyone with read access to a repository can read all of the objects in that repository; if you need to restrict some users' access to certain data, it needs to either be encrypted or live in a different repository.

Dealing with YAML config files and credentials

With a Spring Boot application, the artifact of choice for deployment seems to be a single executable file, JAR or WAR. In one case, I have added my own encryption/decryption to the project so that I can check in my application configuration without plain-text credentials. If I build a deployment archive with a configuration file, that's checked in with empty credentials, I have to populate the credentials just before I package and deploy. Or, if I choose to use plain-text creds in the configuration file, I'm always forgetting to remove the creds and keep checking in the file with visible credentials.
I'm writing my question here to see if anyone has any bright ideas around how we can manage this, develop, checkin, package, and deploy without all this dancing around the YAML configuration files.
For a JHipster app my encryption/decryption solution at least protected the files from plain-text, but any sharp Java developer could use my encryption utility to decode the creds I check in.
What's the best strategy here? Could we easily add the creds with some scripts or Maven/Gradle operation? I'm game to change anything.
For me, the obvious solution is to externalize the config both local and deployed. And, if I can override the template config (without the creds) in my git repo, I'll still have the template version of my configs local and in the repo.

How to create a git repository in memory?

I am currently working on a flashcard application where decks created by the user act as Git repositories. When a card is created in the app, a new file is committed to the repository, when a card is changed, the file is changed, and when a card is deleted--well, you get the point.
The file format that the application saves to is a gzipped Git repository, so at no point will I ever need to write the repository to disk. How can I best handle treating decks as a Git repository in this way?
Take a look at libgit2. It supports the in-memory git repository scenario and also has bindings to many languages:
https://libgit2.github.com
For example, by using rugged, the ruby binding for libgit2, you could do things like this:
a_backend = Rugged::InMemory::Backend.new(opt1: 'setting', opt2: 'setting')
repo = Rugged::Repository.init_at('repo_name', :bare, backend: a_backend)

Git error: could not commit config file

I'm trying to add a new remote repository (GitHub) to an existing project, and I'm getting an error that I've never seen before, and don't understand:
$ git remote add github git#github.com:me/myrepo.git
error: could not commit config file .git/config
What? Why would I commit the git config file? And how do I make this stop happening?
I'm on a Mac, with a relatively fresh install of most of my tools. I think this is the first time I've tried to add a remote to a repo on this machine.
Some git commands modify the git config file. One of them is git remote add, because the remote is stored in the config file.
To avoid problems with several git processes modifying the config file simultaneously, git will lock the config file before changing it (by writing a lock file), and release the lock afterwards (by renaming the lock file to the config file).
The error message
error: could not commit config file .git/config
means that git could not properly release this lock. This probably means that either another process was working on the same file, or there was some kind of filesystem error (or there's a bug in git or your OS/libraries).
Unfortunately, git does not tell you what exactly was the problem, so you'll have to manually debug this. You could try running git with dtruss to see what exactly is going wrong.
This could be a permissions issue, especially for automated jobs running on Windows that can have fewer permissions than an interactive login of the same user. From this answer on ServerFault:
Each logon session to a Windows (NT-based versions, that is) machine
has a "security token"-- a data structure that describes, amongst
other things, the groups that the user represented by the token is a
member of.
The "Interactive" identity isn't a group that you can manually place
members into, but rather is added by the operating system,
automatically, when a security token is constructed for a user who has
logged-on via the Windows Graphical User Interface. This is similar to
the "Network" identity, which is added automatically to tokens created
for users who are accessing the machine via the network.
These automatically-generated group memberships allow you to construct
permissions that might allow or deny access to resources based on how
the user is accessing the machine. This supplements the permission
system's default behavior of arbitrating access based on who is
accessing the resource.

Pushing .gitignore files to specific remote

I made a Sinatra app, that will be hosted on Heroku, and the source will be up on GitHub. The problem is that i have a file with API keys, that is currently in .gitignore. Is there a way, that I can push my repo to heroku with the key file and exclude the file when pushing to GitHub?
Thanks in advance!
It is possible to maintain a separate branch just for deployment, but it takes much discipline to maintain it properly:
Add a commit to a production branch that adds the config file (git add -f to bybass your excludes).
To update your production branch, merge other branches (e.g. master) into it.
However, you must then never merge your production branch into anything else, or start branches based on any “production commit” (one whose ancestry includes your “add the keys” commit).
An easier path is to adopt Heroku’s custom of using environment variables to communicate your secret values to your instances. See the docs on Configuration and Config Vars:
heroku config:add KEY1=foobar KEY2=frobozz
Then access the values via ENV['KEY1'] and ENV['KEY2'] in your initialization code or wherever you need them. To support your non-Heroku deployments, you could either define the same environment variables or fall back to reading your existing config files if the environment variables do not exist.
The Figaro gem provides a good way to manage this issue. It basically simulates Heroku's environment variable approach locally, and makes it easy to keep your keys in sync between your development environment and Heroku.

Resources