Recently I was asked "if Dagger turns | Dagger | Page 1

azure sequoia Feb 8, 2024, 5:50 PM

#

Slightly longer opinion, specifically on credentials.

The status quo today is to copy credentials into your CI platform in some way. This means that when you're making your pipeline portable, all of a sudden those secrets need to be more accessible 😱

But

Your CI platform is not a secrets manager. This is the status quo because it's typically hard to connect a CI platform to a proper secrets manager. That's the underlying poor security practice, which most of us have been guilty of at some point.

Going forward, this isn't sustainable because CI platforms have been super leaky and we want portable pipelines.

So for some teams, Daggerizing may mean improving security practices because it prioritizes the problem with the status quo.

Proper secrets management with RBAC using something like 1password, vault, infisical, aws secrets, etc should not give developers production credentials by default, but still give them valid credentials to run all the pipelines in a development environment.

#

feel free to make that into a tshirt

compact pilot Feb 8, 2024, 5:57 PM

#

Don't dare me

azure sequoia Feb 8, 2024, 5:57 PM

#

I'll wear it

#Recently I was asked "if Dagger turns