Commit

Deploy the generated website via GitHub Actions
actions-user committed Dec 12, 2024
1 parent 615da55 commit 232edba
Showing 7 changed files with 105 additions and 105 deletions.
2 changes: 1 addition & 1 deletion News.xml

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion README.md
@@ -1 +1 @@
Website last update: 2024-12-09 at 16:03:00.
Website last update: 2024-12-12 at 17:51:57.
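Review bot: the new timestamp on the changed line, `2024-12-12 at 17:51:57`, carries no time zone, so a reader cannot tell whether it is UTC or the build runner's local time. Suggest emitting it with an explicit zone or offset, for example in ISO 8601 form.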
Binary file modified bundle.zip
Binary file not shown.
4 changes: 2 additions & 2 deletions cheatsheets/Secrets_Management_Cheat_Sheet.html
Expand Up @@ -4166,7 +4166,7 @@ <h3 id="32-where-should-a-secret-be">3.2 Where should a secret be?<a class="head
<p>There are various places where you can store a secret to execute CI/CD actions:</p>
<ul>
<li>As part of your CI/CD tooling: you can store a secret in <a href="https://docs.gitlab.com/charts/installation/secrets.html">GitLab</a>/<a href="https://docs.github.com/en/actions/security-guides/encrypted-secrets">GitHub</a>/<a href="https://www.jenkins.io/doc/developer/security/secrets/">jenkins</a>. This is not the same as committing it to code.</li>
<li>As part of your secrets-management system: you can store a secret in a secrets management system, such as facilities provided by a cloud provider (<a href="https://aws.amazon.com/secrets-manager/">AWS Secret Manager</a>, <a href="https://azure.microsoft.com/nl-nl/services/key-vault/">Azure Key Vault</a>, <a href="https://cloud.google.com/secret-manager">Google Secret Manager</a>), or other third-party facilities (<a href="https://www.vaultproject.io/">Hashicorp Vault</a>, <a href="https://www.conjur.org/">Conjur</a>, <a href="https://www.keepersecurity.com/">Keeper</a>, <a href="https://lyft.github.io/confidant/">Confidant</a>). In this case, the CI/CD pipeline tooling requires credentials to connect to these secret management systems to have secrets in place. See <a href="#4-cloud-providers">Cloud Providers</a> for more details on using a cloud provider's secret management system.</li>
<li>As part of your secrets-management system: you can store a secret in a secrets management system, such as facilities provided by a cloud provider (<a href="https://aws.amazon.com/secrets-manager/">AWS Secret Manager</a>, <a href="https://azure.microsoft.com/nl-nl/services/key-vault/">Azure Key Vault</a>, <a href="https://cloud.google.com/secret-manager">Google Secret Manager</a>), or other third-party facilities (<a href="https://www.vaultproject.io/">Hashicorp Vault</a>, <a href="https://www.conjur.org/">Conjur</a>, <a href="https://www.keepersecurity.com/">Keeper</a>). In this case, the CI/CD pipeline tooling requires credentials to connect to these secret management systems to have secrets in place. See <a href="#4-cloud-providers">Cloud Providers</a> for more details on using a cloud provider's secret management system.</li>
</ul>
<p>Another alternative here is using the CI/CD pipeline to leverage the Encryption as a Service from the secrets management systems to do the encryption of a secret. The CI/CD tooling can then commit the encrypted secret to git, which can be fetched by the consuming service on deployment and decrypted again. See section 3.6 for more details.</p>
<p>Note: not all secrets must be at the CI/CD pipeline to get to the actual deployment. Instead, make sure that the deployed services take care of part of their secrets management at their own lifecycle (E.g. deployment, runtime and destruction).</p>
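Review bot: the changed `<li>` drops the Confidant link from the third-party list, and the commit message ("Deploy the generated website via GitHub Actions") gives no reason for the removal. Because this file is generated output, the rationale belongs in the source change that produced it; please make sure it is recorded there. While this line is being touched: the Azure Key Vault link is pinned to the `nl-nl` locale, and the label "AWS Secret Manager" does not match "AWS Secrets Manager" as written in 3.2.2. A locale-neutral URL and a single spelling would be better.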
Expand All @@ -4183,7 +4183,7 @@ <h4 id="321-as-part-of-your-cicd-tooling">3.2.1 As part of your CI/CD tooling<a
<li>Document: Make sure you document which secrets you store as part of your CI/CD tooling and why so that you can migrate these easily when required.</li>
</ul>
<h4 id="322-storing-it-in-a-secrets-management-system">3.2.2 Storing it in a secrets management system<a class="headerlink" href="#322-storing-it-in-a-secrets-management-system" title="Permanent link">&para;</a></h4>
<p>Naturally, you can store secrets in a designated secrets management solution. For example, you can use a solution offered by your (cloud) infrastructure provider, such as <a href="https://aws.amazon.com/secrets-manager/">AWS Secrets Manager</a>, <a href="https://cloud.google.com/secret-manager">Google Secrets Manager</a>, or <a href="https://azure.microsoft.com/nl-nl/services/key-vault/">Azure KeyVault</a>. You can find more information about these in <a href="#4-cloud-providers">section 4</a> of this cheat sheet. Another option is a dedicated secrets management system, such as <a href="https://www.vaultproject.io/">Hashicorp Vault</a>, <a href="https://www.keepersecurity.com/">Keeper</a>, <a href="https://lyft.github.io/confidant/">Confidant</a>, <a href="https://www.conjur.org/">Conjur</a>.
<p>Naturally, you can store secrets in a designated secrets management solution. For example, you can use a solution offered by your (cloud) infrastructure provider, such as <a href="https://aws.amazon.com/secrets-manager/">AWS Secrets Manager</a>, <a href="https://cloud.google.com/secret-manager">Google Secrets Manager</a>, or <a href="https://azure.microsoft.com/nl-nl/services/key-vault/">Azure KeyVault</a>. You can find more information about these in <a href="#4-cloud-providers">section 4</a> of this cheat sheet. Another option is a dedicated secrets management system, such as <a href="https://www.vaultproject.io/">Hashicorp Vault</a>, <a href="https://www.keepersecurity.com/">Keeper</a>, <a href="https://www.conjur.org/">Conjur</a>.
Here are a few do's and don'ts for the CI/CD interaction with these systems. Make sure that the following is taken care of:</p>
<ul>
<li>Rotation/Temporality: credentials used by the CI/CD tooling to authenticate against the secret management system are rotated frequently and expire after a job completes.</li>
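Review bot: in the changed paragraph the provider names disagree with the list in section 3.2 of the same file: "Google Secrets Manager" and "Azure KeyVault" here, versus "Google Secret Manager" and "Azure Key Vault" there, with identical link targets. Pick one spelling per product in the source. After the removal, the closing list also reads "Hashicorp Vault, Keeper, Conjur." with no "or" before the last item, unlike the cloud-provider list earlier in the same sentence.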
2 changes: 1 addition & 1 deletion search/search_index.json

Large diffs are not rendered by default.
