2023-07-18
Secret management improvements
To allow for better management of our Kubernetes secrets, Chris set out to configure git-crypt in GPG key mode. For comparison, the previous approach was that secrets were stored in Kubernetes only and had to be accessed via kubectl, and now git-crypt allows us to transparently work with the files in an unencrypted manner locally, whilst having them secure on the remote, all via .gitattributes.
The following people currently have access to this:
- Johannes Christ jc@jchri.st (8C05D0E98B7914EDEBDCC8CC8E8E09282F2E17AF)
- Chris Lovering chris.lovering.95@gmail.com (1DA91E6CE87E3C1FCE32BC0CB6ED85CC5872D5E4)
- Joe Banks joe@jb3.dev (509CDFFC2D0783A33CF87D2B703EE21DE4D4D9C9)
For Hassan, we are still waiting on a response regarding the accuracy of his GPG key.
The pull request for the work can be found at python-discord/kubernetes#156.
To have your key added, please contact any of the existing key holders. More documentation on this topic is still to be written, see python-discord/kubernetes#157.
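A check that fits the git-crypt setup described above, as an added example that is not part of these notes or of the python-discord/kubernetes repository: it lists files that .gitattributes assigns to filter=git-crypt but whose stored blob lacks the git-crypt header, meaning they reached the repository in plaintext. The function names are hypothetical; the header is the 10-byte \0GITCRYPT\0 marker that git-crypt writes at the start of encrypted files.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a git-crypt repository for
# files that should be encrypted but were stored as plaintext.

# Succeeds if stdin starts with the git-crypt header, the bytes \0GITCRYPT\0.
is_gitcrypt_blob() {
    [ "$(head -c 10 | od -An -tx1 | tr -d ' \n')" = "00474954435259505400" ]
}

# Print every path in tree-ish $1 (default HEAD) that .gitattributes assigns
# to filter=git-crypt but whose stored blob is not git-crypt ciphertext.
# Attributes are read from the checked-out .gitattributes, so run this from
# the repository root with that revision checked out.
find_plaintext_secrets() {
    rev="${1:-HEAD}"
    git ls-tree -r --name-only "$rev" | while IFS= read -r path; do
        filter=$(git check-attr filter -- "$path" | sed 's/^.*: filter: //')
        [ "$filter" = "git-crypt" ] || continue
        # git-crypt leaves empty files as empty blobs; nothing to leak there.
        [ "$(git cat-file -s "$rev:$path")" -gt 0 ] || continue
        if ! git cat-file blob "$rev:$path" | is_gitcrypt_blob; then
            printf '%s\n' "$path"
        fi
    done
}
```

Source the file and run find_plaintext_secrets from the repository root; any path it prints was stored unencrypted and its contents should be treated as exposed to anyone with read access to the remote.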
Infrastructure migration decision
The vote started last week will be properly talked about next week. So far, it looks like we're definitely not self-hosting Kubernetes, at the very least.