mirror of
https://github.com/ryantm/agenix.git
synced 2024-11-24 10:38:29 +03:00
657789137c
* use mmdoc * add github pages action to auto publish * do not edit README for now, will follow up with a commit directs people to the doc site
14 lines
763 B
Markdown
14 lines
763 B
Markdown
# Threat model/Warnings {#threat-model-warnings}
|
|
|
|
This project has not been audited by a security professional.
|
|
|
|
People unfamiliar with `age` might be surprised that secrets are not
|
|
authenticated. This means that every attacker that has write access to
|
|
the secret files can modify secrets because public keys are exposed.
|
|
This seems like not a problem on the first glance because changing the
|
|
configuration itself could expose secrets easily. However, reviewing
|
|
configuration changes is easier than reviewing random secrets (for
|
|
example, 4096-bit rsa keys). This would be solved by having a message
|
|
authentication code (MAC) like other implementations like GPG or
|
|
[sops](https://github.com/Mic92/sops-nix) have, however this was left
|
|
out for simplicity in `age`.
|