Should I house my organization’s root CA certificate in a public GitHub repository?

Çağlar Arlı

We have a public repository of software that uses a Docker container. Anything that runs within the organization sees certificates signed by our org's root CA. For the container to run properly within our org, the root CA certificate needs to be copied over to the container when building the image. This will be easy to do if the certificate is included in the repo and we simply use the COPY command in the Dockerfile. What's the security risk in this approach? Is there a better way? I understand the need to keep the root CA certificate in the repo up to date, and also the fact that this certificate is irrelevant for the folks running the software outside of our org, but it feels like these trade-offs are worth making for the simplicity it grants?
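
A check relevant to the approach in the question above, as an added example that is not part of the original post: before a PEM file is committed to a public repository, confirm it holds only certificate blocks and no private key material. The function name `audit_pem`, the helper `_pem` and the sample bundles with their placeholder payloads are constructed for illustration.

```python
import base64
import re

# A PEM block: -----BEGIN <label>----- <base64 body> -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def audit_pem(text):
    """Return (labels, problems) for a PEM bundle meant for a public repo.

    Only block labels and base64 encoding are checked; the DER content is
    not parsed as X.509 (that needs a library outside the stdlib).
    """
    labels, problems = [], []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        labels.append(label)
        if "PRIVATE KEY" in label:
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
            problems.append(f"private key block present: {label}")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected block type: {label}")
        else:
            try:
                base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append("CERTIFICATE block is not valid base64")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    # A BEGIN marker with no matching END is not captured by the regex.
    if text.count("-----BEGIN ") != len(labels):
        problems.append("malformed or unterminated PEM block")
    return labels, problems


def _pem(label, payload):
    """Build a constructed PEM block around placeholder bytes."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample inputs: placeholder payloads, not real certificates or keys.
CERT_ONLY = _pem("CERTIFICATE", b"constructed placeholder, not real DER")
CERT_AND_KEY = CERT_ONLY + _pem("PRIVATE KEY", b"constructed placeholder key")

if __name__ == "__main__":
    for name, bundle in (("cert only", CERT_ONLY), ("cert + key", CERT_AND_KEY)):
        print(name, audit_pem(bundle))
```
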