private keys and passwords committed to repo #4

Description

@alvaro-salort

The repository (maybe it is not active, 9 years old...) contains:

  • A real encrypted RSA private key
  • The vault password used to decrypt it
  • Hardcoded service credentials (haproxy/haproxy)

This fully compromises the secrets.yml file and any infrastructure deployed using it.

Immediate actions required:

  • Revoke and regenerate all certificates and keys
  • Remove secrets.yml from version control
  • Rotate all passwords
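
A pre-push check for the three kinds of finding listed in this issue, as an added example that is not part of the original issue or of the repository. The sample tree is constructed: only the name `secrets.yml` and the haproxy/haproxy pair come from the issue, while the YAML key names and the `.vault_pass` file name are assumptions.

```python
import re

# Constructed sample tree, not the repository's real contents. Only the name
# secrets.yml and the haproxy/haproxy pair come from the issue; the YAML keys
# and the .vault_pass file name are assumptions.
SAMPLE_TREE = {
    "secrets.yml": (
        "haproxy_stats_user: haproxy\n"
        "haproxy_stats_password: haproxy\n"
        "tls_key: |\n"
        "  -----BEGIN RSA PRIVATE KEY-----\n"
        "  Proc-Type: 4,ENCRYPTED\n"
        "  DEK-Info: AES-128-CBC,00000000000000000000000000000000\n"
        "\n"
        "  CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n"
        "  -----END RSA PRIVATE KEY-----\n"
    ),
    ".vault_pass": "constructed-placeholder-passphrase\n",
    "README.md": "Deploys haproxy.\n",
}

PEM_BEGIN = re.compile(r"-----BEGIN ((?:[A-Z]+ )*)PRIVATE KEY-----")
KV = re.compile(r"^[ \t]*([\w-]+)[ \t]*:[ \t]*['\"]?([^'\"\s#]+)", re.M)
PASS_FILE = re.compile(r"vault[._-]?pass", re.I)  # assumed naming convention


def scan(tree):
    """Return sorted (path, finding) tuples for a {path: text} mapping."""
    findings = []
    for path, text in tree.items():
        for m in PEM_BEGIN.finditer(text):
            tail = text[m.end():m.end() + 200]  # legacy PEM puts Proc-Type right after BEGIN
            enc = "ENCRYPTED" in m.group(1) or "Proc-Type: 4,ENCRYPTED" in tail
            findings.append((path, "encrypted-private-key" if enc else "plaintext-private-key"))
        pairs = {k.lower(): v for k, v in KV.findall(text)}
        for key, value in pairs.items():
            # foo_password with the same value as foo_user is a guessable default
            if key.endswith("password") and pairs.get(key[:-8] + "user") == value:
                findings.append((path, "password-equals-username"))
        if PASS_FILE.search(path):
            findings.append((path, "passphrase-file"))
    kinds = {kind for _, kind in findings}
    # An encrypted key is only as secret as its passphrase: both in one tree
    # means the key must be treated as disclosed.
    if {"encrypted-private-key", "passphrase-file"} <= kinds:
        findings.append(("<repo>", "encrypted-key-and-passphrase-together"))
    return sorted(findings)
```

A clean result on the current tree says nothing about earlier commits, so rotation is still needed for anything that was ever pushed.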
