This protects the key that is stored in a shared state file to ensure only its owner can actually use it (by using Keybase to decrypt it). We learned about Keybase while using Terraform because Terraform can use Keybase to encrypt AWS keys held in its state using a Keybase user handle. Everything is end-to-end encrypted based on asymmetric key cryptography. Keybase is a nice up-and-coming project, “A Slack but for the whole world,” as they say on their site. Now, what if our laptops (automatically) had access to the exact same AWS keys as the CI/CD pipelines do! In other words, what if we could distribute the same AWS keys to both the CI/CD pipeline and the developers? That way we would be absolutely sure they do not diverge. Enter Keybase. Except, CI/CD variables have the latest and correct AWS keys while our laptops did not!
Given the way we set up our CI/CD, that shouldn’t be a problem since we can easily execute the same script that the jobs execute. However, sometimes CI/CD is not available and we need to run our automation pipelines manually (i.e. Once we had the AWS key distribution to CI/CD pipelines automated, we stopped having broken builds due to incorrect or otherwise missing AWS keys.

Third Base - Shared and secured access AWS keys

Extracting all of these from the Terraform output, decrypting and then distributing them to Gitlab (from where Terraform deploys our infrastructure) and 1Password (where we store all our secrets for safekeeping) was super tedious. Making changes to Terraform to create new keys was the easy part.
The entire project is in the public cloud. When I started working on an ongoing big project, my first task was creating and documenting the on-boarding and off-boarding procedure.