From 31c8797dc1f86ab5100c77216f84ac747d6ba286 Mon Sep 17 00:00:00 2001 From: Zach Rhoads Date: Fri, 19 May 2023 15:15:45 -0500 Subject: [PATCH] added secure deployment guide Signed-off-by: Zach Rhoads --- content/en/docs/concepts/secure-deployment.md | 35 +++++++++++++++++++ .../en/docs/concepts/specs-requirements.md | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 content/en/docs/concepts/secure-deployment.md diff --git a/content/en/docs/concepts/secure-deployment.md b/content/en/docs/concepts/secure-deployment.md new file mode 100644 index 00000000..a5a51522 --- /dev/null +++ b/content/en/docs/concepts/secure-deployment.md @@ -0,0 +1,35 @@ +--- +title: "Securely deploying Notation" +description: "Best practices for securely deploying Notation" +type: docs +weight: 2 +--- + +A deployment of Notation, specifically the `notation` CLI, is used for signing and verifying container images. The `notation` CLI is usually deployed on a development computer or in a CI/CD pipeline, such as GitHub Actions. + +A deployment has several sensitive components: + +- [Trust policies]({{< ref "/docs/how-to/manage-trust-policy" >}}) +- [Trust stores and certificates]({{< ref "/docs/concepts/directory-structure" >}}) +- Plugins + +It is strongly recommended that you follow the best practices in this document to secure your deployment of Notation. Notation works with a shared responsibility model, meaning users and organizations are responsible for securing the `notation` CLI deployment. + +Failure to secure the filesystem on development computers and hosts with `notation` CLI deployments can result in malicious plugins being installed, trust policies being modified to allow verification compromised or untrusted artifacts, and trust stores being modified to have untrusted or compromised certificates. + +## Secure filesystem access + +The sensitive components of a deployment of Notation are stored on the filesystem. For development computers managed by individuals and hosts directly managed by your organization, you should follow general best practices as well as your organization's best practices for securing those development computers and hosts, such as: + +- Ensuring the operating system is fully patched +- The disk encryption follows your organizations encryption policies +- Use strong passwords and adhere to your organization's password policies +- Access to the Notation deployment directory is restricted to only authorized users, such as those with `sudo` access, administrators, or the user that owns the directory + +Every organization has different policies and best practices for securing development computers and hosts, and they should be followed as a part securing filesystem on development computers and hosts with `notation` CLI deployments. + +## Other security best practices + +For development computers managed by individuals and hosts directly managed by your organization, ensure the access to those systems as well as locations of the sensitive components of a deployment of Notation are restricted to only authorized users. + +For computers not directly managed by individuals or your organization, such as hosts used for CI/CD pipelines, ensure manner in which the sensitive components of a deployment of Notation are stored, accessed, and transmitted to those computers follows your organizations best practices and are restricted only to authorized users. diff --git a/content/en/docs/concepts/specs-requirements.md b/content/en/docs/concepts/specs-requirements.md index d30dc28d..64216542 100644 --- a/content/en/docs/concepts/specs-requirements.md +++ b/content/en/docs/concepts/specs-requirements.md @@ -2,7 +2,7 @@ title: "Notary project specifications and requirements" description: "Notary project specifications and requirements" type: docs -weight: 4 +weight: 10 --- More information on the specifications, requirements, and other details about the Notary project can be found in the [Notary repository](https://github.com/notaryproject/notaryproject/tree/main). \ No newline at end of file