Hey folks! 
I’m Awn, part of Monzo’s Security Infrastructure team.
Secrets are everywhere, and the quest to protect them starts before they even exist. At Monzo we regularly have to create and manage secrets that grant very sensitive privileges, and so we’ve created a new process that makes it fast and easy for us to securely and verifiably perform all kinds of sensitive operations.
We’re excited to show you this blog post which talks about how this process works and what kinds of assurances we get out of it.
Looking forward to answering any questions you might have!
7 Likes
Hi. This was a fascinating read. Thanks for sharing it. I had a question about Bob 
Does the person verifying the CI output have access to Concourse? If so, how do you guarantee that they can’t compromise the CI and their local output?
1 Like
I guess not really! But some secrets are definitely more sensitive than others
Engineers don’t have access to anything in our production environment by default, so in order to compromise Concourse someone would first have to get multi-party approval to get the necessary permissions. (You can read more about that here.)
However, we don’t rely on this as generally there’s at least two people who will locally build the artefacts and compare their results with each other and with concourse.
1 Like