Have a challenge with a backup bucket containing the secret #982
Comments
Hi @commjoen, I would like to work on this challenge. Can you assign this to my name?
Thank you for volunteering @PalaniappanC! I have assigned the issue to you.
Hi @commjoen, I have set up the project and started with implementing the basic challenge as per the contributing.md file. I have doubts around the terraform and s3 bucket part. I have created a separate terraform folder under the AWS folder. I have performed the terraform initialisation to have an s3 bucket called backupchallenge. I have doubts about the remaining two tasks. Can you explain them in a little more detail?
So the idea is that the secret itself is kept in a file. The file should be:
The challenge then needs to be loaded with the location of the secret (e.g. either in test resources or in a hidden location within the Docker container, similar to other file-based challenges). Please have a look at https://github.com/OWASP/wrongsecrets/blob/master/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java on how to load this from a pre-set path.
Hi @commjoen, we should have the copy logic in this docker, right?
Yes sir :-)
Feel free to draft a PR or contact us on Slack if you need anything :).
Hi @commjoen, I got stuck with my regular routine this week. I will draft a PR this weekend.
Hi @commjoen, we should have the logic to create the secret file in docker-create.sh and we should have the file copy logic in the Dockerfile, right?
Yes :-)
Hi @PalaniappanC! How are you doing? Do you have any updates on this, good sir :) ?
Hi Jeroen, sorry for the late reply. I was not able to proceed. Please
assign this issue to someone else. Thanks
Thanks and Regards,
Palaniappan Chellathambi
…On Mon, 12 Feb, 2024, 2:25 am Jeroen Willemsen, ***@***.***> wrote:
Hi @PalaniappanC <https://github.com/PalaniappanC> do you have any
updates on this :) ?
Context
Have a backup s3/storage bucket with a private ed25519 key publicly exposed
Secure your backup at all cost
Docker/cloud depending on how we implement the backup solution
Actions: