Published : Oct 27, 2021
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Oct 2021
Assess: Worth exploring with the goal of understanding how it will affect your enterprise.

Plaintext secrets checked into source control (usually GitHub) are one of the most pervasive security mistakes developers make. For this reason we thought it useful to feature Mozilla Sops, a tool for encrypting secrets in text files that our developers find useful in situations where it is impossible to remove secrets from legacy code repositories. We've mentioned many tools of this type before (Blackbox, git-crypt), but Sops has several features that set it apart. For example, Sops integrates with cloud-managed keystores such as AWS and GCP Key Management Service (KMS) or Azure Key Vault as sources of encryption keys. It also works cross-platform and supports PGP keys. This enables fine-grained access control to secrets on a file-by-file basis. Sops leaves the identifying key of each secret (its name in the file, not the encryption key) in plain text so that secrets can still be located and diffed by git. We're always supportive of anything that makes it easier for developers to be secure; however, remember that you don't have to keep secrets in source control to begin with. See Decoupling secret management from source code in our November 2017 issue.
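A CI-style check built on the property described above (values encrypted, key names left readable), added here as an example and not taken from Sops or the Radar: it walks a Sops-encrypted JSON file and reports every value that is still in plain text. It assumes Sops' default mode, where every value is encrypted except under keys ending in `_unencrypted`; the function names and the sample document are constructed.

```python
import json
import re

# Shape of a value Sops has encrypted: ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
ENC_VALUE = re.compile(
    r"^ENC\[AES256_GCM,data:[A-Za-z0-9+/=]*,iv:[A-Za-z0-9+/=]+,"
    r"tag:[A-Za-z0-9+/=]+,type:(str|int|float|bool|bytes)\]$"
)
UNENCRYPTED_SUFFIX = "_unencrypted"  # Sops default suffix for cleartext keys


def plaintext_leaves(node, path=""):
    """Yield the key path of every leaf value that is not Sops ciphertext."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.endswith(UNENCRYPTED_SUFFIX):
                continue  # deliberately left in cleartext
            yield from plaintext_leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from plaintext_leaves(value, f"{path}[{index}]")
    elif node is None or node == "":
        return  # nothing to leak
    elif not (isinstance(node, str) and ENC_VALUE.match(node)):
        yield path  # plain string, number or boolean in a secrets file


def audit(text):
    """Return (has_sops_metadata, sorted paths of plaintext values) for one file."""
    doc = json.loads(text)
    body = {k: v for k, v in doc.items() if k != "sops"}  # skip Sops metadata
    return "sops" in doc, sorted(plaintext_leaves(body))


# Constructed sample: one secret was pasted in after the file was encrypted.
SAMPLE = json.dumps({
    "db": {
        "user": "ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]",
        "password": "hunter2-constructed",
        "port": 5432,
    },
    "api_keys": ["ENC[AES256_GCM,data:YmFy,iv:aXY=,tag:dGFn,type:str]"],
    "region_unencrypted": "eu-west-1",
    "sops": {"version": "constructed-placeholder"},
})

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because key names stay readable, the report can name the offending entry (`db.password`) without decrypting anything, so the check needs no access to the KMS or PGP keys.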
