[Ci-users] api key not really used in a secret way
walters at verbum.org
Wed Apr 13 16:13:34 UTC 2016
Not that this really matters a lot since we can probably
trust each other right now not to use other's resources, but I noticed
many people end up leaking the API key
and several others.
The two problems seem to be including the Python script raw
as a builder (which Jenkins exposes as public data), or
injecting it as an environment variable (which shows up in the Jenkins
but since there are many forks of this now, multiple groups will
need to change their copies too.
More information about the Ci-users