In this lab you will use environments and secrets.
Duration: 10-15 minutes
References:
- Using environments for deployment
- Encrypted secrets
- Accessing your secrets
- OWASP: Pygoat Project
- Pygoat app on GitHub
- In order to run the basic pipeline, you must first enable workflows.

- Create an environment called dev
- Then add 2 environment secrets called TOKEN_FOR_DOS and DEFECTDOJO_COMMONPASSWORD
- TOKEN_FOR_DOS should be a GitHub Personal Access Token (classic) with read-only permissions; do not grant it any write scopes:

- If needed, you can edit the personal access token's permissions later:

- The other secret DEFECTDOJO_COMMONPASSWORD can be found here:

- Once both secrets are entered:

- Go ahead and run the basic pipeline!
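The pieces created in the steps above (the dev environment and its two environment secrets) are consumed by a workflow job like the one below. This is an added example for the lab, not one of the workshop's own pipelines: it assumes the environment and secret names used above, and the list of write-granting scopes it rejects is an assumption you should align with your own policy.

```yaml
name: basic-pipeline

on:
  workflow_dispatch:

permissions:
  contents: read          # the workflow's own GITHUB_TOKEN stays read-only as well

jobs:
  use-dev-secrets:
    runs-on: ubuntu-latest
    environment: dev      # without this line, environment secrets resolve to empty strings
    steps:
      - uses: actions/checkout@v4

      - name: Confirm both environment secrets are present (without printing them)
        env:
          TOKEN_FOR_DOS: ${{ secrets.TOKEN_FOR_DOS }}
          DEFECTDOJO_COMMONPASSWORD: ${{ secrets.DEFECTDOJO_COMMONPASSWORD }}
        run: |
          for name in TOKEN_FOR_DOS DEFECTDOJO_COMMONPASSWORD; do
            if [ -z "${!name}" ]; then
              echo "::error::environment secret $name is empty; check the dev environment"
              exit 1
            fi
          done
          echo "both secrets resolved (GitHub masks their values in the log)"

      - name: Check that TOKEN_FOR_DOS is a read-only classic PAT
        env:
          TOKEN_FOR_DOS: ${{ secrets.TOKEN_FOR_DOS }}
        run: |
          # Classic PATs report their granted scopes in the X-OAuth-Scopes response header.
          scopes=$(curl -sS -o /dev/null -D - \
                     -H "Authorization: token $TOKEN_FOR_DOS" https://api.github.com/user \
                   | tr -d '\r' | awk -F': ' 'tolower($1)=="x-oauth-scopes" {print $2}')
          echo "granted scopes: ${scopes:-<none>}"
          # Assumed list of scopes that grant write access; adjust it to your policy.
          for s in $(echo "$scopes" | tr ',' ' '); do
            case "$s" in
              repo|public_repo|workflow|delete_repo|gist|write:*|admin:*)
                echo "::error::TOKEN_FOR_DOS carries write scope '$s'; re-issue it read-only"
                exit 1 ;;
            esac
          done
```

Secrets are passed to steps through `env:` rather than interpolated into the `run:` script, so they never end up in the rendered command line, and the scope check fails the job early instead of letting an over-privileged token reach the later scanning steps.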

- When all is done:

- Modify the GitHub PAT's permissions and re-run to see the errors detected by DevOps Shield Scanner. Additionally, see compliance improve as you add more GitHub Actions that strengthen your DevSecOps posture.

- Try running the advanced pipeline and you will quickly see it fail, because the environment secrets and variables it needs do not exist yet.

- You can immediately remedy this by running the provisioning script (the values shown below are redacted):

```powershell
.\Create-GitHubEnvironments.ps1 -ghOwner emmanuel-knafo `
-ghRepo devsecops-workshop `
-dockerName crs001fwmpo7kn3hnty `
-dockerPassword "Dgv*************************************************" `
-defectDojoProductId 6 `
-defectDojoToken "607*************************************" `
-githubReadOnlyPersonalAccessTokenClassic "ghp_pPK*********************************" `
-kubeConfigFileName "C:\Users\emmanuel.DEVOPSABCS\Downloads\wrkshp-001-student-001-config-aks-wrkshp-001-s-001"
```

- You can grab all the parameter values from the OneDrive file you received:

- Or you can enter each environment secret and variable manually until you get something like:
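Whichever way you enter them, the advanced pipeline reads the non-sensitive values as environment variables (`vars.*`) and the sensitive ones as environment secrets (`secrets.*`). The job below is an added illustration of that split, not the workshop's own advanced pipeline; the variable and secret names (REGISTRY_LOGIN_SERVER, REGISTRY_USERNAME, REGISTRY_PASSWORD, KUBE_CONFIG, DEFECTDOJO_PRODUCT_ID, DEFECTDOJO_TOKEN) are assumptions, and it assumes the KUBE_CONFIG secret holds the full contents of the kubeconfig file you downloaded.

```yaml
name: advanced-pipeline

on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    environment: dev
    env:
      # Environment variables hold non-secret values and appear in plain text in the log.
      # These names are assumptions for the example; use the names you entered in the dev environment.
      REGISTRY_LOGIN_SERVER: ${{ vars.REGISTRY_LOGIN_SERVER }}
      REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }}
      DEFECTDOJO_PRODUCT_ID: ${{ vars.DEFECTDOJO_PRODUCT_ID }}
    steps:
      - uses: actions/checkout@v4

      - name: Log in to the container registry
        env:
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}   # environment secret (assumed name)
        run: |
          # Feed the password on stdin so it never lands in the process list or the log.
          printf '%s' "$REGISTRY_PASSWORD" | docker login "$REGISTRY_LOGIN_SERVER" \
            --username "$REGISTRY_USERNAME" --password-stdin

      - name: Write the kubeconfig from an environment secret
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}   # assumed: the full kubeconfig file contents
        run: |
          mkdir -p "$HOME/.kube"
          umask 077                                 # the new file is readable by the runner user only
          printf '%s\n' "$KUBE_CONFIG" > "$HOME/.kube/config"
          kubectl config current-context            # sanity check; prints the context name, not credentials

      - name: Fail early if the DefectDojo token is missing
        env:
          DEFECTDOJO_TOKEN: ${{ secrets.DEFECTDOJO_TOKEN }}   # assumed name
        run: |
          echo "DefectDojo product id: $DEFECTDOJO_PRODUCT_ID"   # a variable: safe to print
          [ -n "$DEFECTDOJO_TOKEN" ] || { echo "::error::DEFECTDOJO_TOKEN is not set in the dev environment"; exit 1; }
```

A value that is missing on the secrets side shows up as an empty string rather than an error, which is why the pipeline fails at the first step that actually uses it; the explicit presence checks turn that into a clear message instead of a confusing docker or kubectl failure.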

- Then run the advanced pipeline again

- It should end like this:

- You can view the deployed app here: http://gh-pygoat.cad4devops.com or find the IP address in the deployment output, for example http://20.175.206.146:

- The live demo of the Pygoat app is a great way to learn more about DevSecOps. Please bear in mind that this app is intentionally insecure, so do not reuse real credentials or real data in it!
