Embed a canary token as a trap

[commjoen]

• implement webhook/callbacks in the application BE
• have a challenge with the hardcoded AWS key and a linkt to the canary overview screen (Secret hidden in git history #199 (comment))
• make the callback configurable for the heroku domains
• provide instructions on how to create a canary token for your own deployment (#189 add temporal instructions for using canary tokens in own account #235)
• automate the instructions --> Create optional low value keys which can be used as canarotykens in AWS/GCP #236
• provide a fake canary token setup for localhost? will not do

[commjoen]

@bendehaan if we want to do Challenge15 in people their own cloud the instruction would be like below, are we sure we want to do that?

Running Challenge15 in your own cloud only

When you want to include your own Canarytokens for your cloud-deployment, do the following:

1. Fork the project
2. Make sure you use the GCP ingress or AWS ingress scripts to generate an ingress for your project.
3. Go to and select AWS Keys, in the webHook URL field add <your-domain-created-at-step1>/canaries/tokencallback
4. Encrypt the received credentials so that Challenge15 candecrypt them again
5. commit the unencrypted and encrypted materials to Git
6. adapt the hints of Challenge 15 in your fork to point to your fork
7. create a container and push it to your registry
8. override the K8s definitionfiles.

[bendehaan]

Discussed out of band. For the record: start with a how to, possibly expand to custom (cloud?) solution later.