Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add blog post for the new secret plugin protocol #2121

Merged
merged 5 commits into from
Jun 1, 2022
+74 −0
Merged

add blog post for the new secret plugin protocol #2121

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8688c64
wip
VinozzZ May 31, 2022
69d747d
add example bundle walkthrough
VinozzZ May 31, 2022
41a9bbf
fix some typo
VinozzZ May 31, 2022
51e956e
address comment
VinozzZ Jun 1, 2022
efb26f3
fix typos and update the blog title
VinozzZ Jun 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 74 additions & 0 deletions docs/content/blog/persist-sensitive-data-safely.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
---
title: "Upgrade your plugins to securely store sensitive data"
description: "Learn how to keep your sensitive data generated by Porter safe and sound"
date: "2022-05-31"
authorname: "Yingrong Zhao"
author: "@vinozzz"
authorlink: "https://twitter.com/GaysianB612"
authorimage: "https://github.com/VinozzZ.png"
tags: ["best-practices", "plugins"]
summary: |
Keep sensitive data generated by Porter safe and sound with the new secret plugin protocol
---

As Porter approaches a v1.0.0 release, we have made an improvement in Porter to make sure any sensitive data generated or referenced by Porter is stored in a secure location.
The newly updated secret plugin protocol enables Porter to securely store sensitive data in an external secret store instead of in Porter's database.

Previously Porter only uses plugins for retrieving secrets from a secret store. When it comes to storing data generated by bundles, Porter uses storage plugins like Mongo as its backend database solution. If sensitive data, such as a database connection string, were generated by a bundle, it would be stored in a Mongo database in plain text.
Now Porter requires users to configure a secret store to hold any data that has been marked as sensitive by the bundle.

Let's walk through how to utilize this new feature by updating your Porter configuration file and selecting an appropriate secret plugin.

First, [install the latest Porter v1 prerelease](https://release-v1.porter.sh/install/#prerelease).

Next, let's install a bundle that handles sensitive data using just the default Porter configuration.

```
porter install --reference ghcr.io/getporter/examples/sensitive-data --param password=123a123
```

You should see below error message in the output from the above command:
```
failed to save sensitive param to secrete store: rpc error: code = Unknown desc = The default secrets plugin, secrets.porter.host, does not support persisting secrets: not implemented
```

The example bundle defines a sensitive parameter named as `password` and a sensitive output called `name`.

Porter's default secret plugin does not persist sensitive data. Any bundle that references or produces sensitive data will fail to execute. We do this because there isn't a clear set of safe defaults that are suitable for all users when it comes to storing sensitive data. Instead it is up to the user to select and configure an appropriate secrets plugin.

Now let's configure Porter to persist sensitive data with the [filesystem](https://release-v1.porter.sh/plugins/filesystem/) plugin.

```yaml
default-secrets-plugin: "filesystem"
```

The [filesystem plugin](https://release-v1.porter.sh/plugins/filesystem/) resolves and stores sensitive bundle parameters and outpus as plain-text files in your PORTER_HOME directory.
Note: the filesystem plugin is only intended for testing and local development usage. It's not intended to be used in production. The end of this blog post has recommended plugins that are suitable for production use.

Now you have a secret store set up, we can finally to install the example bundle, this time successfully.

```
porter install --reference ghcr.io/getporter/examples/sensitive-data --param password=123a123
```

Once the installation process finishes, you should see outputs like below:

```
executing install action from sensitive-data (installation: /sensitive-data)
Install Hello World
Hello, installing example-bundle with password: *******
execution completed successfully!
```

If you inspect Porter's database, it stores a reference to the sensitive data that was saved in the configured secret store. Porter no longer stores the sensitive data in its database.

Instead, we can find our "password" in our filesystem plugin. In your PORTER_HOME directory, you should find a subdirectory named `secrets`. Each file under this directory contains the sensitive value corresponding to a sensitive parameter or sensitive output from a run of a bundle.

This is why it's important to choose a secure secret plugin for your production environment so that your sensitive data is protected. As you can see, the filesystem plugin is only acceptable for local development and testing.

Here are some secret plugins that we recommand for production use:
- [Azure Key Vault](https://release-v1.porter.sh/plugins/azure/#secrets)
- [Kubernetes Secrets](https://release-v1.porter.sh/plugins/kubernetes/#secrets)
- [Hashicorp Vault](https://release-v1.porter.sh/plugins/hashicorp/)

Give them a try and let us know how it works for you! If there is a secret solution that you would like to use with Porter, let us know, and we can help make that happen more quickly.