by jzelinskie 3845 days ago
There's a pretty good talk on "chatops" by the guys at GitHub[0]. Basically, it provides a dialog around a "shared command-line" where developers learn from each other by simply watching chat. I think it's more beneficial to distributed companies.

However, my question for those using chatops is basically how do you keep the repository for the bot "tame"? It needs access to _everything_ if you want it to be useful, which means having lots of secrets exposed to the bot.

[0]: https://www.youtube.com/watch?v=NST3u-GjjFw

1 comments

Give the bot runtime (not in the repository, environment variable or something) credentials for a secret storage tool of some kind, where it can then fetch credentials for whatever it's allowed to do.
Securing the bot itself is definitely a larger challenge, but a heavily shielded box and tools like Vault can go a long way. It's actually not much different to securing other solutions to the problem like Capistrano or Chef, and definitely still better than giving root SSH access to your developers.
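
The pattern suggested in the comment above, as an added example that is not part of the thread or of any bot's real code: the bot's repository holds only a map from chat command to secret path, and the Vault address and token arrive through the environment at runtime. The command names, secret paths and the `secret` KV v2 mount are assumptions; the token's Vault policy should enforce the same limits server-side.

```python
import json
import os
import urllib.request

# Hypothetical map: each chat command may read exactly one Vault path.
# Only paths live in the repository, never secret values.
COMMAND_SECRET_PATHS = {
    "deploy": "chatbot/deploy-key",
    "db-backup": "chatbot/backup-credentials",
}


class SecretAccessDenied(Exception):
    """Raised when a command has no secret path assigned to it."""


def vault_request(path, env):
    """Build a KV v2 read request from runtime-only credentials."""
    addr = env.get("VAULT_ADDR")
    token = env.get("VAULT_TOKEN")
    if not addr or not token:
        # Fail closed: no fallback to a token baked into the repo.
        raise RuntimeError("VAULT_ADDR and VAULT_TOKEN must be set at runtime")
    # Assumes the KV v2 engine is mounted at "secret".
    url = f"{addr.rstrip('/')}/v1/secret/data/{path}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})


def http_fetch(request):
    """Send the request to Vault and decode the JSON body."""
    with urllib.request.urlopen(request, timeout=5) as resp:
        return json.load(resp)


def secret_for_command(command, env=os.environ, fetch=http_fetch):
    """Return the secret for one chat command, or refuse before any I/O."""
    path = COMMAND_SECRET_PATHS.get(command)
    if path is None:
        raise SecretAccessDenied(f"no secret is mapped to command {command!r}")
    body = fetch(vault_request(path, env))
    # KV v2 wraps the stored key/value pairs in data.data.
    return body["data"]["data"]
```
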