Skip to content

Home / helpdesk / secrets

In many cases, the credentials will be created and managed by the EF IT staff. In case a project has such credentials already created themselves and would like to provision it to aforementioned resources, the project needs to share these credentials with EF IT staff.

We currently support 2 different ways to share such credentials in an easy and secure way:

  • using our chat service by sending the credentials in a private, end-to-end encrypted room with an EF IT staff member
  • using a simple command line tool to encrypt the credentials and send them by email or attach them to a confidential helpdesk ticket.

Chat Service

In order to send a credential via the Chat Service, find the matrix handle of the EF IT staff member you have been in contact with from the table below and start a conversation actively yourself.

After the credential has been shared in a private room and copied by the EF staff member, delete the conversation again to avoid keeping the credential in some history / cache.

Encrypt script

Download the encrypt script. 

curl https://gitlab.eclipse.org/eclipsefdn/security/scripts/-/raw/main/github/encrypt.sh\?ref_type\=heads -o encrypt.sh

The following prerequisites are required to be installed on your computer:

These dependencies can usually installed using sudo apt install age jq on debian based systems.

To encrypt a file secret.txt for a given you can run the script like that:

> ./encrypt.sh -e <eclipse-user> -o output.txt secret.txt

This will store the encrypted content of the input file into a file output.txt which can then be send to the IT staff member by email or attached to a confidential Helpdesk ticket.

You can add multiple recipients with the -e or -g flags specifying either an Eclipse or GitHub handle for encryption.

Decrypt data

In order to decrypt a credential received via the encrypt script above, the recipient needs to run the following:

> age --decrypt -i path/to/your/ssh-private-key output.txt

You need to explicitly specify the private ssh key that you have configured for your GitHub or Eclipse Gitlab account depending on what recipient type has been chosen by the sender. You also have the option to specify multiple keys by repeating the -i option, then age will pick the first key that can be used to decrypt the contents.

EF IT Staff members

Name Handles Team
Fred Gurr fgurr (eclipse.org)
fredg02 (github.com)
@frederic.gurr:matrix.eclipse.org (chat.eclipse.org)
frederic.gurr@eclipse-foundation.org		 Release Engineering
SΓ©bastien Heurtematte heurtemattes (eclipse.org)
heurtematte (github.com)
@sebastien.heurtematte:matrix.eclipse.org (chat.eclipse.org)
sebastien.heurtematte@eclipse-foundation.org		 Release Engineering
Pawel Stankiewicz pstankie (eclipse.org)
pstankie (github.com)
@pawel.stankiewicz:matrix.eclipse.org (chat.eclipse.org)
pawel.stankiewicz@eclipse-foundation.org		 Release Engineering
Thomas Neidhart netomi (eclipse.org)
netomi (github.com)
@thomas.neidhart:matrix.eclipse.org (chat.eclipse.org)
thomas.neidhart@eclipse-foundation.org		 Security