Automated Credential Integration for Secure Codecov Setup [DEC] #634

Open
vlad-ko opened this issue Jan 24, 2025 · 2 comments
Labels
Feature Request High High Priority Issues (to be fixed within 2 sprints) Waiting for: Product Owner

vlad-ko commented Jan 24, 2025

Summary

Introduce a product feature that allows for direct integration of credentials into a DEC Codecov instance, eliminating the need for manual handling of sensitive data. This will enhance security, streamline the setup process, and reduce the risk of human error.

Problem Statement

Currently, integrating credentials into a Codecov instance involves manual steps, such as using GPG or sharing credentials through external tools like 1Password. This process is both cumbersome and introduces potential security vulnerabilities. Relying on human interaction for sensitive data handling increases risk and inefficiency, particularly for high-stakes environments like scalability testing.

Proposed Solution

Develop a product feature within the Codecov interface that enables secure, automated transmission and integration of credentials directly into the system. The feature could include:

  1. Credential Upload Portal: A dedicated section in the product UI where users can securely upload credentials.
  2. Encryption & Storage: Automated encryption of credentials upon upload, with storage following security best practices.
  3. API Integration: Allow seamless API-based credential input for CI/CD systems and other automated workflows.
  4. Audit Logs: Provide a log of credential integrations for transparency and accountability.

Benefits

  • Enhanced Security: Eliminates the need for manual sharing, reducing exposure to sensitive data.
  • Streamlined Process: Simplifies the setup process, saving time for users.
  • Scalability: Ensures that credential integration is efficient and repeatable for large-scale setups.
  • Compliance: Meets security best practices for handling sensitive information, building user trust.

Timeline & Priority

Given the critical nature of security and the frequency of credential integration during scalability testing, this feature should be prioritized for upcoming product releases.

@vlad-ko vlad-ko added Feature Request High High Priority Issues (to be fixed within 2 sprints) labels Jan 24, 2025
@covecod covecod bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 Jan 24, 2025
@drazisil-codecov

I don't know if this is possible. In order to enter the GitHub app settings in the UI, we first need to be able to confirm that the user should be permitted to log in. We use the GitHub app to do that.

vlad-ko commented Jan 27, 2025

I imagine we'd use a separate "setup wizard"; @trent-codecov had an idea of just capturing this data via a simple Laravel app.
