Decentralized secret templates #1621
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
By using a naming convention for templates, We don't need to maintain the list of templates and we can have multiple templates with the same name but in different locations
jeanregisser
requested review from
aaronmgdr,
cmcewen and
jmrossy
as code owners
martinvol
reviewed
Nov 7, 2019
| @@ -20,7 +20,6 @@ | |||
| "report-coverage": "yarn run lerna run test-coverage", | |||
| "test:watch": "node node_modules/jest/bin/jest.js --watch", | |||
| "postinstall": "yarn run lerna run postinstall && patch-package && yarn keys:decrypt", | |||
| "preinstall": "bash scripts/create_key_templates.sh", | |||
There was a problem hiding this comment.
Not really sure if this is a good practice, but the reason this is in the preinstall is in case some dependency needs this for yarning or build. In case what I just said doesn't make any sense, then just 🚢
There was a problem hiding this comment.
It totally makes sense and I was also concerned by this when I made the change.
I think it's ok for now and we can revisit if it causes an issue later.
martinvol
approved these changes
Nov 7, 2019
jmrossy
approved these changes
Nov 7, 2019
Codecov Report
@@ Coverage Diff @@
## master #1621 +/- ##
=======================================
Coverage 74.15% 74.15%
=======================================
Files 287 287
Lines 7652 7652
Branches 667 667
=======================================
Hits 5674 5674
Misses 1865 1865
Partials 113 113
Continue to review full report at Codecov.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Following @martinvol's comment, I wanted to use the existing template mechanism to place the
secrets.jsonfor blockchain-api.I noticed however that all templates were in the same folder and
secrets.jsonwas already used for the mobile project.I took this as an opportunity to decentralize this a little bit by using a filename convention.
Whenever you need a template for some encrypted file listed in
scripts/key_placer.sh, add it next to thexxx.encfile.For instance if you have
packages/my_project/secrets.jsonlisted inscripts/key_placer.sh, you can createpackages/my_project/secrets.json.templatewith the public template content you want and it will be automatically placed if you don't have access to decryption keys.Let me know what you think.
Tested
Ran
yarn keys:decryptwith and without having access to our keyring.Templates are correctly used when I don't have access to our keyring.
Other changes
N/A
Backwards compatibility
Yes