Managing Secrets

Monteur lets its CI Jobs consume data that is secret and confidential in nature, and manages that data on their behalf. The feature is highly customizable and comes with known safety controls.

This function is available since Monteur v0.0.2.

Customizable Pathing with Overriding Mechanism

Monteur's secret management lets you fully customize where your secret data files are parsed from: multiple locations are read in sequence, and each one overrides the ones before it. This makes it possible to ship a default layout while exposing the necessary secret data at different levels of access.

To customize, look for the Filesystem.SecretsDir array field in the .configs/monteur/workspace.toml data file. Example:

[Filesystem]
...
SecretsDir = [
        '{{ .HomeDir }}/.secrets',
        '{{ .RootDir }}/.configs/monteur/secrets',
]
This parses all compatible secret files from {{ .HomeDir }}/.secrets first and then overrides the result with the secret data from {{ .RootDir }}/.configs/monteur/secrets. Hence, the order of the paths matters:
  1. If {{ .HomeDir }}/.secrets has a field called App.Color = 'Green'

  2. and {{ .RootDir }}/.configs/monteur/secrets has the same field called App.Color = 'Red'

  3. The final queryable output for App.Color is Red.

  4. Should 2 files in the same directory each define App.Color with different values, the output is unpredictable. Please resolve and avoid such conflicts.

As shown above, Variable Formatting Capability is available for constructing your path dynamically.

Supported File Formats

Currently, Monteur supports the following data file formats, in priority:

  1. TOML (.toml) - primary configuration file.

Logging Protection

All of Monteur's output to STDOUT, STDERR, and log files is continuously filtered by redacting every secret's value to protect its secrecy and confidentiality. The values are redacted directly using Go's strings.ReplaceAll function, once for each secret value.

At the moment, Monteur performs dumb filtering: it redacts any matching output, related or not. For example, if a secret value is as simple as 0, every 0 in the log and output terminals is blindly redacted.

We are still working on how to smartly and securely redact sensitive information. As of now, being dumb is better than being sorry.

Protection Caveat

While we do our best to secure your secret data, Monteur CANNOT redact processed secret data (e.g. a value extracted from a secret by regex in a [CMD] step), and we DO NOT want to complicate the filter function to the point of significantly slowing down Monteur as a whole.

Therefore:

  1. ONLY use Monteur's secrets feature for direct data insertion, NOT data processing.

  2. DO NOT share your raw log files without a business need-to-know, and peer-review all log files to make sure that the secret data is fully redacted.

  3. DO NOT abuse this secrecy feature of Monteur.
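The filter described in the two sections above, written out as an added Go example (illustrative code, not Monteur's libsecrets package): a Secrets value keeps its values private and exposes only Filter, which applies strings.ReplaceAll once per secret. The secret values, the log lines and the [REDACTED] mask are constructed for the example; the lines show both the collateral damage of a secret such as 0 and the gap for a processed secret.

```go
package main

import (
	"fmt"
	"strings"
)

// Secrets is an illustrative stand-in for Monteur's libsecrets.Secrets (assumed
// shape, not the project's code): values stay unexported and only Filter sees them.
type Secrets struct {
	values []string
}

// NewSecrets collects the raw secret values that must never reach the logs.
func NewSecrets(values ...string) *Secrets {
	return &Secrets{values: values}
}

// Filter redacts every secret value from line with strings.ReplaceAll, which is
// deliberately "dumb": any substring equal to a secret is masked, whatever it means.
func (s *Secrets) Filter(line string) string {
	for _, v := range s.values {
		// strings.ReplaceAll(line, "", mask) would insert the mask between every
		// byte, so an empty secret is skipped instead of corrupting the output.
		if v == "" {
			continue
		}
		line = strings.ReplaceAll(line, v, "[REDACTED]")
	}
	return line
}

// Constructed sample log lines, not real Monteur output.
var sampleLog = []string{
	"Authorization: token ghp_exampleToken123", // direct insertion: fully redacted
	"build #10 finished in 0.5s with 0 errors", // collateral damage from the secret "0"
	"extracted id = xampleToke",                // a processed (sub-string) secret leaks unredacted
}

func main() {
	s := NewSecrets("ghp_exampleToken123", "0")
	for _, l := range sampleLog {
		fmt.Println(s.Filter(l))
	}
}
```

Because redaction is substring-based, a secret that is short or common (0, true, a single letter) mangles unrelated output, while a fragment produced by processing the secret passes through untouched, which is exactly why the caveat list above restricts the feature to direct insertion and asks for a review of the filtered logs.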

Querying Secret data

To query a secret value, Monteur supplies a template function called GetSecret. Example:

Authentication = 'token {{ GetSecret "Github.Token" -}}'

Flattened Data Structure

To reduce the memory footprint and avoid duplicating this sensitive data across memory locations, Monteur flattens your complex data structure into simple 1:1 key:value pairs that can be queried directly. For example, the following data structure:

[Sample]
Type = 'squirrel'

[[Sample.Favourites]]
Food = [
	"Apple",
	"Pineapple",
]

[[Sample.Hates]]
Food = [
	"Beef",
	"Shrimp",
]

[[Sample.Favourites]]
Toy = [
	"Tree",
	"Honey Feeder",
]
The queries for the secret data (left side) and their results would be:

"Sample.Type"                = 'squirrel'
"Sample.Favourites.0.Food.0" = 'Apple'
"Sample.Favourites.0.Food.1" = 'Pineapple'
"Sample.Favourites.1.Toy.0"  = 'Tree'
"Sample.Favourites.1.Toy.1"  = 'Honey Feeder'
"Sample.Favourites.1.Food.0" = '<no data>'
"Sample.Hates.0.Food.0"      = 'Beef'
"Sample.Hates.0.Food.1"      = 'Shrimp'
The key is always a string. The value retains its original data type, except for maps and arrays, which are flattened away.

Should any invalid query appear, the string <no data> is returned in its place.
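As an added Go example (not Monteur's own code) of the flattening described above, combined with the directory override from the Customizable Pathing section: Flatten turns a decoded document into dotted keys, Merge lets a later document's keys win, and Query returns <no data> for a key that was never produced. The two documents are constructed inline as the nested maps and slices a TOML decoder would yield, so the example runs without a TOML library; homeDoc stands in for {{ .HomeDir }}/.secrets, rootDoc for {{ .RootDir }}/.configs/monteur/secrets, and the App.Retries field is an assumption added to show that scalar types survive.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
)

// noData is the sentinel the page documents for invalid queries.
const noData = "<no data>"

// Flatten turns a decoded document (nested map[string]any / []any, as a TOML
// decoder yields) into 1:1 key:value pairs. Maps contribute dotted segments,
// arrays contribute their index, and scalars keep their Go type. Empty maps and
// arrays produce no keys at all, since there is no scalar to store.
func Flatten(doc any) map[string]any {
	out := map[string]any{}
	flattenInto("", doc, out)
	return out
}

func flattenInto(prefix string, v any, out map[string]any) {
	switch x := v.(type) {
	case map[string]any:
		for k, child := range x {
			flattenInto(join(prefix, k), child, out)
		}
	case []any:
		for i, child := range x {
			flattenInto(join(prefix, strconv.Itoa(i)), child, out)
		}
	default:
		out[prefix] = v
	}
}

func join(prefix, key string) string {
	if prefix == "" {
		return key
	}
	return prefix + "." + key
}

// Merge applies flattened documents in SecretsDir order: a key present in a
// later document overrides the same key from an earlier one.
func Merge(docs ...map[string]any) map[string]any {
	merged := map[string]any{}
	for _, d := range docs {
		for k, v := range d {
			merged[k] = v
		}
	}
	return merged
}

// Query returns the stored value with its original type, or noData when the
// key was never produced by Flatten.
func Query(flat map[string]any, key string) any {
	if v, ok := flat[key]; ok {
		return v
	}
	return noData
}

// homeDoc is a constructed stand-in for what {{ .HomeDir }}/.secrets decodes to.
var homeDoc = map[string]any{
	"App": map[string]any{"Color": "Green", "Retries": int64(3)},
}

// rootDoc is the page's [Sample] document plus an App.Color that overrides homeDoc.
var rootDoc = map[string]any{
	"App": map[string]any{"Color": "Red"},
	"Sample": map[string]any{
		"Type": "squirrel",
		"Favourites": []any{
			map[string]any{"Food": []any{"Apple", "Pineapple"}},
			map[string]any{"Toy": []any{"Tree", "Honey Feeder"}},
		},
		"Hates": []any{
			map[string]any{"Food": []any{"Beef", "Shrimp"}},
		},
	},
}

// LoadSecrets mirrors the documented order: home first, root overrides.
func LoadSecrets() map[string]any {
	return Merge(Flatten(homeDoc), Flatten(rootDoc))
}

func main() {
	flat := LoadSecrets()
	keys := make([]string, 0, len(flat))
	for k := range flat {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		fmt.Printf("%-30q = %v\n", k, flat[k])
	}
	fmt.Println(Query(flat, "Sample.Favourites.1.Food.0")) // <no data>
}
```

Flattening before merging is what gives the override its per-key granularity: rootDoc replaces App.Color but leaves App.Retries from homeDoc in place, and a query that walks into an array element that has no such field falls through to the <no data> sentinel instead of an error.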

Security Review Assistances

For those who want to review Monteur's secret-handling source code, here is a repository compass to speed up discovery and reduce the learning burden. Feedback and vulnerability reports are always welcome. Bug bounties are paid on a best-effort basis only.

By default and always, only one libsecrets.Secrets object is created, as a struct pointer that is passed around. The data is stored privately and safely inside the structure and can only be queried using its Query and Filter methods.

Epilogue

That's all for Monteur's management of secret and confidential data in its CI Job implementations. If you have any question, please feel free to raise it in our Issues Section.