Milestone: Supply chain attacks
Status: Open, started on Apr 1, 2024
Objective
The objective of this milestone is to develop and implement a comprehensive plan to mitigate the risks associated with supply chain attacks in our organization. We have already seen and addressed a few problems in our infrastructure that could have been exploited by malicious actors. Strengthening our build system and adding cryptographic signatures to our deployments is a first step toward reducing these risks in the future.
The key deliverables of this project:
- Setting up a secure Key Management System (KMS) to store all the secrets used in the CI.
- Rotating all existing keys in the CI and substituting them with derivative keys stored in the KMS.
- Removing all keys from the CI ENV variables and adopting OpenID Connect (OIDC).
- Documenting the KMS usage and key rotation best practices.
- Signing Debian packages and APT repositories using these new keys.
Timeline
- Setting up a secure key management system: 2 weeks, @nguyencharles.nlabs
- Rotating all existing keys in the CI and substituting them with derivative keys stored in the KMS: 2 weeks, @neo.nl
- Removing all keys from the CI ENV variables and adopting OIDC: 3 weeks
- Documentation: 2 weeks, @abate
- Debian packages and APT repositories: 1 week, @abate