Salt: GitFS - verify GPG signed commits of Pillar and State repositories

Created on 2 Nov 2015  路  12Comments  路  Source: saltstack/salt

To improve the security and trustworthiness of a Salt-driven infrastructure, being able to verify GPG signed commits is IMHO a key requirement.
Otherwise the trust is external to GitFS and Salt has to rely on the security of the git repository hosting.

It should be possible to switch either all or individual GitFS (States and especially Pillars) repositories to require valid and trusted GPG signatures, based on the Master's GPG keyring.
It might make sense to set a trust-level threshold when verifying against a known key.

Feature File Servers Pillar Platform
Source
picture eliasp
👍4

Most helpful comment

Is there a planned version for this being implemented? Or expected timeline?

picture wrycu on 6 Apr 2018
👍3

All 12 comments

+1

DanyC97 picture DanyC97 on 3 Nov 2015

@eliasp, thanks for the report.

jfindlay picture jfindlay on 3 Nov 2015

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] picture stale[bot] on 31 Jan 2018

Keep this one open!

eliasp picture eliasp on 31 Jan 2018

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] picture stale[bot] on 31 Jan 2018

Is there a planned version for this being implemented? Or expected timeline?

wrycu picture wrycu on 6 Apr 2018
👍3

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] picture stale[bot] on 20 Jul 2019

Don't think this has been added yet - comment to keep open.

wrycu picture wrycu on 21 Jul 2019

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] picture stale[bot] on 21 Jul 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] picture stale[bot] on 8 Jan 2020

Still an issue AFAIK.

wrycu picture wrycu on 8 Jan 2020

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] picture stale[bot] on 8 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

udf2457 picture udf2457  路  3Comments
zieba88 picture zieba88  路  3Comments
golmaal picture golmaal  路  3Comments
commutecat picture commutecat  路  3Comments
Oloremo picture Oloremo  路  3Comments