Best practice for handling private keys in GitHub actions

Hello,

I’ve been using the icp cli these past days to deploy my canisters. These are actually my first deploys, so I don’t have much context on how things have been done with dfx.

I was starting to set up CD jobs on GitHub. As I understand, we have to import our identity before deploying. I set my private key as a secret on GitHub and then “echo” it into a .pem which I then use for the icp identity import.

I see that there are different storage options to save the key. Initially, I tried the password approach.

However, I see that for the DFINITY portal, you are using the plaintext approach.

I was wondering what the recommended approach and best practice is here.

Is it considered safe to store it as plain text since the action’s environment is ephemeral?

@marc0olo I asked this in the chat in yesterday’s CLI session and you mentioned you can loop some people in here.

Apart from that, the deployment using the cli is very intuitive. 👌

Cheers!

1 Like
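The step the post describes (a PEM held in a GitHub secret, written to a `.pem` file and handed to `icp identity import`) is where a key most often leaks into job logs or ends up world-readable on the runner. The following POSIX shell script is an added example, not code from the original post or from the icp-cli project: it materialises the key from an environment variable into a file that is created with mode 0600 before any content is written, never echoes the key, and removes the file when the step exits. The variable name `ICP_DEPLOY_KEY` and the `run_import` hook are assumptions; the real `icp identity import` flags belong in your workflow and are not guessed here.

```shell
#!/bin/sh
# Added example (not from the original post or icp-cli): write a PEM that
# GitHub Actions exposes as a secret environment variable into a private file
# without printing it, then hand the path to the import step.
#
# Assumptions (not from the page): the secret is exported as $ICP_DEPLOY_KEY,
# and run_import is a hypothetical hook standing in for the real
# `icp identity import ...` invocation.

set -eu

# write_key_file VAR_NAME DEST: copy the PEM in env var VAR_NAME into DEST.
# umask 077 is set before the redirection creates the file, so the file is
# 0600 from the moment it exists and there is no world-readable window.
write_key_file() {
    var_name=$1
    dest=$2
    # read the variable indirectly; no eval on secret contents
    key=$(printenv "$var_name") || { echo "missing secret $var_name" >&2; return 1; }
    case "$key" in
        *"-----BEGIN "*) ;;   # looks like PEM armour
        *) echo "secret $var_name does not look like a PEM" >&2; return 1 ;;
    esac
    ( umask 077; printf '%s\n' "$key" > "$dest" )
    # GitHub masks the secret as a whole, not fragments of it: never
    # `echo "$key"` or `cat "$dest"` in a workflow step.
    unset key
    return 0
}

# file_mode PATH: print the octal permission bits (GNU stat first, BSD fallback)
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%OLp' "$1"
    fi
}

# run_import KEYFILE: hypothetical hook for the real `icp identity import`
# command; it only reports the path and mode so nothing sensitive is logged.
run_import() {
    echo "would import identity from $1 (mode $(file_mode "$1"))"
}

# Step body: the trap removes the key file even if the import fails.
if [ "${1:-}" = "--run" ]; then
    keyfile=$(mktemp)
    trap 'rm -f "$keyfile"' EXIT
    write_key_file ICP_DEPLOY_KEY "$keyfile"
    run_import "$keyfile"
fi
```

In a workflow step this would be invoked as `sh write-key.sh --run` with `ICP_DEPLOY_KEY: ${{ secrets.ICP_DEPLOY_KEY }}` in the step's `env:`; the point of the `--run` guard is that the functions can be sourced and tested without touching a real secret.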

icp-cli supports three types of identities right now: plaintext, password protected file, and HSM.

HSMs are the most secure since they don’t give out the key, but they are pretty hard to automate, especially on CI.

If you use something like GH runners, plaintext and password protected identities look almost identically secure to me. GH controls the full workflow, including all secrets. If they wanted to crack a password protected identity, they could do so easily, since you need to access the password in the CD job too.

It all boils down to trust. If you do not accidentally print the identity where it’s visible to everyone, GH has full access to everything that happens on their runners. If you trust them, I don’t see a big difference between identities with and without passwords and would consider both roughly similarly safe. If you don’t trust them, you’re probably better off with a different CD setup, or an HSM.

3 Likes