Securing Confidential Data For Distributed Software Development Teams: Encrypted Container File

Tobias J. Bauer, Andreas Aßmuth

TL;DR

ECF addresses the confidentiality challenges of cloud-based, multi-organizational software development by providing a library-friendly, hybrid encryption format that supports fine-grained per-file recipient access. It extends prior tools with an explicit multi-recipient structure, on-demand decryption, recipient management, and deception blocks to obscure recipient counts, while offering performance suitable for production pipelines. The work details a flexible file format, multiple cipher suites (including AES-256-GCM and AEGIS-256), Linux/Docker deployment, and comprehensive security checks for integrity and authenticity. It demonstrates practical viability through performance analyses and outlines future directions like PKI-based trust models and nuanced access-control regimes to further strengthen multi-organization collaboration. The approach has tangible impact for DevSecOps in distributed teams by enabling secure, scalable sharing of secrets within standard VCS workflows.

Abstract

In the context of modern software engineering, there is a trend towards Cloud-native software development involving international teams with members from all over the world. Cloud-based version management services like GitHub are commonly used for source code and other files. However, a challenge arises when developers from different companies or organizations share the platform, as sensitive data should be encrypted to restrict access to certain developers only. This paper discusses existing tools addressing this issue, highlighting their shortcomings. The authors propose their own solution, Encrypted Container Files, designed to overcome the deficiencies observed in other tools.

Paper Structure (32 sections, 10 equations, 13 figures, 7 tables)

Figures (13)

  • Figure 1: Overview of ECF operations according to \ref{sec:app:create}, \ref{sec:app:use}, \ref{sec:app:add}.
  • Figure 2: (Continued.) Overview of ECF operations according to \ref{sec:app:remove}, \ref{sec:app:content}.
  • Figure 3: General structure of an ECF, cf. Bauer2023.
  • Figure 4: Public header fields of an ECF.
  • Figure 5: Recipient-specific block structure within the public header of an ECF.
  • ...and 8 more figures