Changes

Thomas Neidhart · 7d8ad673
--- a/Sharing-secrets-with-the-Eclipse-Foundation.md
+++ b/Sharing-secrets-with-the-Eclipse-Foundation.md
+The Eclipse Foundation maintains credentials used by projects to access 3rd party providers and services in an internal credential store. From this store the credentials are provisioned and synchronized to project resources where these credentials are required, e.g. Jenkins server, GitHub or Gitlab repository.
+
+In many cases, the credentials will be created and managed by the EF IT staff. In case a project has such credentials already created themselves and would like to provision it to aforementioned resources, the project needs to share these credentials with EF IT staff.
+
+We currently support 2 different ways to share such credentials in an easy and secure way:
+
+- using our [chat service](https://chat.eclipse.org) by sending the credentials in a private, end-to-end encrypted conversation to an EF IT staff member 
+- using a simple [command line tool](https://gitlab.eclipse.org/eclipsefdn/security/scripts/-/blob/main/github/encrypt.sh?ref_type=heads) to encrypt the credentials and send them by email or attach them to a confidential [helpdesk](https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/new) ticket.
+
+# Chat Service
+
+In order to send a credential via the Chat Service, find the matrix handle of the EF IT staff member you have been in contact with from the table below and start a conversation actively yourself.
+
+# Encrypt script
+
+Download or the [script](https://gitlab.eclipse.org/eclipsefdn/security/scripts/-/blob/main/github/encrypt.sh?ref_type=heads). The following prerequisites are required to be installed on your computer:
+
+- [age](https://github.com/FiloSottile/age)
+- [jq](https://github.com/jqlang/jq)
+
+These dependencies can usually installed using `sudo apt install age jq` on debian based systems.
+
+To encrypt a file `secret.txt` for a given eclipse user you can run the script like that:
+
+```
+> ./encrypt.sh -e <eclipse-user> -o output.txt secret.txt
+```
+
+This will store the encrypted contents of the input file into a file `output.txt` which can then be send to the IT staff member by email or attached to a confidential Helpdesk ticket.
+
+You can either add multiple recipients with the `-e` or `-g` flags specifying either an Eclipse or GitHub handle for encryption.
+
+# EF IT Staff members
+
+| Name      | Handles | Team  |
+| --------- | ------- | ----- |
+| Fred Gurr | [fgurr (eclipse.org)](https://accounts.eclipse.org/users/fgurr)<br>[fredg02 (github.com)](https://github.com/fredg02)<br>@fred.gurr:matrix.eclipse.org (chat.eclipse.org)<br>[fred.gurr@eclipse-foundation.org](mailto:fred.gurr@eclipse-foundation.org) | Release Engineering |
+| Sébastien Heurtematte | [heurtemattes (eclipse.org)](https://accounts.eclipse.org/users/heurtemattes)<br>[heurtematte (github.com)](https://github.com/heurtematte)<br>@sebastien.heurtematte:matrix.eclipse.org (chat.eclipse.org)<br>[sebastien.heurtematte@eclipse-foundation.org](mailto:sebastien.heurtematte@eclipse-foundation.org) | Release Engineering |
+| Pawel Stankiewicz | [pstankie (eclipse.org)](https://accounts.eclipse.org/users/pstankie)<br>[pstankie (github.com)](https://github.com/pstankie)<br>@pawel.stankiewicz:matrix.eclipse.org (chat.eclipse.org)<br>[pawel.stankiewicz@eclipse-foundation.org](mailto:pawel.stankiewicz@eclipse-foundation.org) | Release Engineering |
+| Thomas Neidhart | [netomi (eclipse.org)](https://accounts.eclipse.org/users/netomi)<br>[netomi (github.com)](https://github.com/netomi)<br>@thomas.neidhart:matrix.eclipse.org (chat.eclipse.org)<br>[thomas.neidhart@eclipse-foundation.org](mailto:thomas.neidhart@eclipse-foundation.org) | Security |