Hi

Sadly the problems regarding Salsa just gained a new level.  For those
who don't follow debian-private or the monthly meetings of the Cloud
team, this is the short version:

- The instance was not updated for any of the last nine upstream
  releases; it is now seven months out of upstream security support.
- It is now affected by a critical (aka pre-auth) vulnerability, which
  leads to exposure of secrets stored in the instance.

I don't see or hear anything that would make me think there will be any
meaningful change in maintenance procedures in the future.

Our image management stuff uses capabilities of Salsa and also uses it
to store the secrets required to do privileged operations on Cloud
platforms.  Those stored secrets are non-expiring and allow privileged
access to our releases on those platforms.

After thinking about it, I propose two projects:
- Move secrets to Vault.
- Move the critical projects to a properly maintained GitLab instance.

Using HashiCorp Vault as the secrets store gives us tighter controls, like
- providing the jobs with temporary access credentials,
- restricting from where credentials can be read, and
- getting an audit log of when, by whom and from where credentials have
  been requested.
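
As an added illustration of those three controls (not part of this mail
or of the team's tooling), here is how the Vault side could be declared
with the Terraform Vault provider; the GitLab and Vault URLs, the
project path and the secret path are placeholders, and the CI job is
assumed to authenticate with a GitLab-issued JWT whose audience is the
Vault URL:

```hcl
# Added example: Vault configuration via the Terraform Vault provider.
# All URLs, project names and secret paths are placeholders.

# Trust JWTs issued by the (properly maintained) GitLab instance.
resource "vault_jwt_auth_backend" "gitlab" {
  path         = "jwt"
  type         = "jwt"
  jwks_url     = "https://gitlab.example.org/-/jwks"   # placeholder instance
  bound_issuer = "https://gitlab.example.org"
}

# Least privilege: a job may only read the one secret it needs.
resource "vault_policy" "cloud_images_aws" {
  name   = "cloud-images-aws"
  policy = <<EOT
# placeholder secret path
path "secret/data/cloud-images/aws" {
  capabilities = ["read"]
}
EOT
}

# Restrict where credentials can be read from: only protected refs of
# one project, and only via a short-lived token (no non-expiring secrets
# handed to the job).
resource "vault_jwt_auth_backend_role" "cloud_images" {
  backend         = vault_jwt_auth_backend.gitlab.path
  role_name       = "cloud-images"
  role_type       = "jwt"
  user_claim      = "project_path"
  bound_audiences = ["https://vault.example.org"]     # placeholder Vault URL
  bound_claims = {
    project_path  = "cloud-team/debian-cloud-images"  # placeholder project
    ref_protected = "true"
  }
  token_policies = [vault_policy.cloud_images_aws.name]
  token_ttl      = 600   # ten minutes: the credential dies with the job
  token_max_ttl  = 600
}

# Audit log: every login and secret read is recorded with time, identity
# (the bound project) and path.
resource "vault_audit" "file" {
  type = "file"
  options = {
    file_path = "/var/log/vault/audit.log"
  }
}
```

The audit device records requests and responses with hashed secret values, so the log shows who read which path and when without itself becoming a second copy of the secrets.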

Using another GitLab instance is a bit more problematic.  Due to the
resources we use, most of the instances out there are kind of out of
the question.  What remains is hosting one ourselves.  That is far from
ideal.

Regards,
Bastian

-- 
A father doesn't destroy his children.
                -- Lt. Carolyn Palamas, "Who Mourns for Adonais?",
                   stardate 3468.1.
