How best to store sensitive files in SCM?
My team is doing some "DevOps" prototyping and one of the principles is that you construct and deploy your test and production systems based on automation scripts and configuration files stored in SCM. We are using RTC 3.0 for SCM and build.
Some of the configuration files are quite sensitive - e.g. SSH private keys - but must be stored in SCM to allow for full automation.
I'm wondering if anyone could shed light on best practices for storing sensitive files like this in SCM. Here was my first take:
1. Upgrade to RTC 3.0.1 for the finer-grained SCM Read Permissions support
2. Create a new team area ("Sensitive Data Team") for functional users and a small number of admin users
3. Create a component ("Sensitive Data") that contains things like SSH private keys, password files, etc.
Does this sound like the best approach or are there better ways?
3 answers
That looks about right to me.
Note that if you cannot upgrade to RTC 3.0.1, you can replace steps 1
and 2 with just "create a project area which allows read access by only
the list of users that should have read access to the sensitive data",
and make this project area the owner of the sensitive component.
Also, you might want to look at work item 168196 "Provide read
permission at the folder/file granularity" to confirm that this would
allow you to simplify step 3 (i.e., you'd just specify access control on
those files, and not have to create a separate component for them).
Cheers,
Geoff
On 7/14/2011 7:08 AM, bill wrote:
My team is doing some "DevOps" prototyping and one of the
principles is that you construct and deploy your test and production
systems based on automation scripts and configuration files stored in
SCM. We are using RTC 3.0 for SCM and build.
Some of the configuration files are quite sensitive - e.g. SSH private
keys - but must be stored in SCM to allow for full automation.
I'm wondering if anyone could shed light on best practices for storing
sensitive files like this in SCM. Here was my first take:
1. Upgrade to RTC 3.0.1 for the finer-grained SCM Read Permissions support
2. Create a new team area ("Sensitive Data Team") for
functional users and a small number of admin users
3. Create a component ("Sensitive Data") that contains
things like SSH private keys, password files, etc.
Does this sound like the best approach or are there better ways?
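Added illustration, not part of the thread and not RTC tooling: the separate-component approach in step 3 only protects keys that actually stay inside the restricted component, so an automated build can audit a loaded sandbox for private keys that have ended up elsewhere. It assumes the sandbox has one top-level folder per component and that the restricted component is named "Sensitive Data"; the function names are hypothetical.

```python
import os
import re
import tempfile

# Assumptions (not from the thread): the sandbox is loaded with one top-level
# folder per component, and the restricted component is named "Sensitive Data".
SENSITIVE_COMPONENT = "Sensitive Data"
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )?PRIVATE KEY-----")

def looks_like_private_key(path):  # checks the first 4 KiB for a PEM key header
    try:
        with open(path, "rb") as fh:
            return PEM_KEY.search(fh.read(4096)) is not None
    except OSError:
        return False

def audit_sandbox(root):
    """Return sorted (relative_path, problem) findings for a loaded sandbox."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not d.startswith(".")]  # skip hidden metadata folders
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not looks_like_private_key(path):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel.split("/")[0] != SENSITIVE_COMPONENT:
                findings.append((rel, "private key outside restricted component"))
            elif os.name == "posix" and os.stat(path).st_mode & 0o077:
                findings.append((rel, "key file readable by group/other on disk"))
    return sorted(findings)

def build_demo_sandbox(root):
    """Constructed sample layout; key bodies are placeholders, not real keys."""
    key = b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
    layout = {"Sensitive Data/keys/deploy_id_rsa": (key, 0o600),
              "Sensitive Data/keys/backup_id_rsa": (key, 0o644),
              "Deploy Scripts/conf/id_rsa": (key, 0o600),
              "Deploy Scripts/deploy.sh": (b"#!/bin/sh\necho deploy\n", 0o755)}
    for rel, (data, mode) in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sandbox:
        build_demo_sandbox(sandbox)
        print(*audit_sandbox(sandbox), sep="\n")
```

Run against the build workspace after the load step and fail the build on any finding; the on-disk permission check applies only on POSIX systems.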
We are using RTC with Tomcat, and have set up Tomcat for LDAP authentication of users.
When a user starts an Eclipse client, they are asked for *2* passwords - one is their LDAP authentication password, and the other is the "secure password" that goes with the RTC connection (I think).
I don't see a reason for having 2 passwords; is there something I'm missing?
If not, is there a way to remove the need for the 2nd password in some configuration setting?
-Marshall Schor
I don't see a reason for having 2 passwords; is there something I'm missing?
You should only ever be prompted for one password. If you have chosen the 'save your password' option, then you will be prompted by Eclipse to secure your password storage if running on Linux or OS X. When running on Windows, the password for your secure storage is automatically managed.
If you chose not to save your password, then you should be prompted to enter your LDAP password, because it wasn't saved.