-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: add SSI Credential Issuer #114
chore: add SSI Credential Issuer #114
Conversation
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
- | - | Generic High Entropy Secret | c942144 | charts/umbrella/values.yaml | View secret |
- | - | Generic High Entropy Secret | c942144 | charts/umbrella/values.yaml | View secret |
- | - | Generic High Entropy Secret | ee95d3d | charts/umbrella/values.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
b9eb60b
to
93bdf86
Compare
Hi @mgarciaLKS as those are test secrets, I skipped GitGuardian |
@evegufy Thanks for the feedback. I have made the changes mentioned above, I hope they are correct this time. On the other hand, would there be a way to skip GitGuardian automatically and also run the remaining tests? So I wouldn't have to wait for you to do it manually, and I can fix the tests that fail dynamically? Greetings. |
Hi @mgarciaLKS thanks for implementing the changes! No, it's not possible to skip GitGuardian automatically but now that you're a project contributor (eclipse-tractusx/sig-infra#539) the remaining test should be triggered automatically without manual approval. |
@evegufy One question, now that the test are divided in two shared services to optimize resources, in which Shared Services file should I enable the SSI Credential Issuer for the tests? |
Hi @mgarciaLKS right, forgot about that, could you please add it to file 2? |
@evegufy It seems to have worked :) |
Description
This pull request adds the SSI Credential Issuer to the umbrella chart.
It was proposed by my co-worker @gomezbc in the 29/07 meeting and has been carried out by @gomezbc and myself according to his approval.
eclipse-tractusx/sig-release#710
Pre-review checks
Please ensure to do as many of the following checks as possible, before asking for committer review: