[Ci-users] api key not really used in a secret way
Colin Walters
walters at verbum.orgWed Apr 13 16:13:34 UTC 2016
- Previous message: [Ci-users] going beyond getting started
- Next message: [Ci-users] api key not really used in a secret way
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Not that this really matters a lot since we can probably trust each other right now not to use other's resources, but I noticed many people end up leaking the API key publicly, e.g. https://ci.centos.org/job/bstinson-centpkg-unittests/configure and https://ci.centos.org/job/adb-openshift-vagrantfile-tests/12/console and several others. The two problems seem to be including the Python script raw as a builder (which Jenkins exposes as public data), or injecting it as an environment variable (which shows up in the Jenkins console logs). I created: https://github.com/kbsingh/centos-ci-scripts/pull/4 but since there are many forks of this now, multiple groups will need to change their copies too.
- Previous message: [Ci-users] going beyond getting started
- Next message: [Ci-users] api key not really used in a secret way
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CI-users mailing list