this post was submitted on 28 Feb 2024
1400 points (99.6% liked)

Programmer Humor

32571 readers
230 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 9 months ago (2 children)

Self-approval leads to a road of sadness. For example, a theoretical company needs to self-renew an ssl cert. No problem, the cert will be stored with the rest of the secrets and retrieved in a secure way on deployment. Unfortunately if you don't store the cert key in a secure way, the deployment still works fine and you don't need to figure out the "onerous" encryption process.

So you push the private key to the company git repo, and then deploy the cert! Done and Done.

[–] [email protected] 7 points 9 months ago

We have well established ways to deal with secrets. Also, everyone is responsible enough to not self approve changes where they do things they are uncertain of.

[–] [email protected] 0 points 9 months ago

If you don't establish an encryption mechanism for secrets that allows for automatic, in memory decryption on deployment from the start of your project, then your project is run by incompetent developers/ops specialists/architects/management/etc. and deserves to fail.