fix: remove committed private keys and add gitleaks CI
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 5s
CI Pipeline / Clippy Lints (push) Successful in 51s
CI Pipeline / Rust Unit Tests (push) Failing after 1m31s
CI Pipeline / Security Audit (push) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
CI Pipeline / Build .deb & Release (push) Has been skipped
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 5s
CI Pipeline / Clippy Lints (push) Successful in 51s
CI Pipeline / Rust Unit Tests (push) Failing after 1m31s
CI Pipeline / Security Audit (push) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
CI Pipeline / Build .deb & Release (push) Has been skipped
- Remove all cert files from git tracking (git rm --cached) - crates/pm-agent-client/certs/client.key (private key) - crates/pm-agent-client/certs/client.crt (public cert) - crates/pm-agent-client/certs/ca.crt (public cert) - Add .gitignore patterns for *.key, *.key.pem, certs/*.crt, certs/*.pem - Update pm-agent-client doc examples to use std::fs::read() instead of include_bytes! - Add gitleaks secret scanning job to CI workflow - Update security-review.md with critical finding for Issue #12 - Add README.md to crates/pm-agent-client/certs/ explaining runtime cert generation Private keys were dev/test only - no production key rotation needed. Git history purge with filter-repo will follow after PR merge. Co-authored-by: Draco Lunaris <331325+Draco-Lunaris@users.noreply.github.com>
This commit is contained in:
Draco-Lunaris-Echo
committed by
GitHub
GitHub
parent
e6dd1b8489
commit
5fa1fef6c8
@ -160,9 +160,30 @@ verifying that all mandated security controls are implemented and operational.
|
||||
|
||||
## 6. Findings & Recommendations
|
||||
|
||||
### No Critical or High Findings
|
||||
### 🔴 CRITICAL: Committed Private Key Material (Issue #12) — RESOLVED
|
||||
|
||||
All security controls are implemented as specified in the system requirements.
|
||||
**Description:**
|
||||
Private key file `client.key` and public certificates (`client.crt`, `ca.crt`) were committed
|
||||
to version control in `crates/pm-agent-client/certs/`. Committed private keys are a critical
|
||||
security risk: anyone with repository access can impersonate agents or decrypt captured TLS traffic.
|
||||
|
||||
**Status:** ✅ RESOLVED
|
||||
|
||||
**Remediation Applied:**
|
||||
1. Removed all cert files from git tracking (`git rm --cached`)
|
||||
2. Added `*.key`, `*.key.pem` and `crates/pm-agent-client/certs/` to `.gitignore`
|
||||
3. Updated `pm-agent-client` doc examples to use `std::fs::read()` instead of `include_bytes!`
|
||||
4. Added `gitleaks` secret scanning to CI pipeline
|
||||
5. Added README to `crates/pm-agent-client/certs/` explaining runtime cert generation
|
||||
6. Git history will be purged with `git filter-repo` after PR merge
|
||||
|
||||
**Key Rotation:**
|
||||
These keys were dev/test only. No production key rotation is needed. All committed keys
|
||||
should be considered compromised and must not be used in production.
|
||||
|
||||
### No Other Critical or High Findings
|
||||
|
||||
All other security controls are implemented as specified in the system requirements.
|
||||
|
||||
### Recommendations (Low Priority)
|
||||
|
||||
@ -192,3 +213,4 @@ All security controls are implemented as specified in the system requirements.
|
||||
- [x] Backup encryption supported (GPG)
|
||||
- [x] Azure SSO with PKCE flow
|
||||
- [x] No plaintext credential storage
|
||||
- [x] Committed private key material removed from repository (Issue #12)
|
||||
|
||||
Reference in New Issue
Block a user