[Ci-users] api key not really used in a secret way
Karanbir Singh
kbsingh at centos.orgWed Apr 13 16:18:49 UTC 2016
- Previous message: [Ci-users] api key not really used in a secret way
- Next message: [Ci-users] api key not really used in a secret way
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 13/04/16 17:13, Colin Walters wrote: > Not that this really matters a lot since we can probably trust each > other right now not to use other's resources, but I noticed many > people end up leaking the API key publicly, e.g. > https://ci.centos.org/job/bstinson-centpkg-unittests/configure and > https://ci.centos.org/job/adb-openshift-vagrantfile-tests/12/console > > and several others. > > The two problems seem to be including the Python script raw as a > builder (which Jenkins exposes as public data), or injecting it as > an environment variable (which shows up in the Jenkins console > logs). > > I created: https://github.com/kbsingh/centos-ci-scripts/pull/4 but > since there are many forks of this now, multiple groups will need > to change their copies too. Thanks, merged. Note that its not possible to use the api key from outside of the jenkins infra inside ci.centos.org ( but you have a good point about users:users trust, and quota etc ) Regards - -- Karanbir Singh, Project Lead, The CentOS Project +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS GnuPG Key : http://www.karan.org/publickey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXDnFpAAoJEI3Oi2Mx7xbtglcIAIq+yugkH56EyCheHHmCPMpC MsKycUOwRtdxizsxUiWkpoxH/lJzF3hnqiwhJs//M7zSPbFJVPac+A4i6dx/P++o Rie8dlSdw4FmJd1z0GbkrRuJc5GZOrzcvkrD3whi2lLZM1rRkMzeNF6rCq+OCaWW gud3hScXYG92RPiRBxzWrIlQp+K0zOXmO3WBhAYAXdwQa+WBYQ300dfO6+5MZWlh Z0nC1Xkg6CCPXBsRBzOyt6JwhStg0Lu++vAZeeOyQ50BGY+ncuLaOxNzpTuV8DTz L4FYHprRtPEfRxvpXo3vIjYMsT7ioMCp4RF/TPPSoWrSH8ikYxJlmlxob0d/4WM= =KrEg -----END PGP SIGNATURE-----
- Previous message: [Ci-users] api key not really used in a secret way
- Next message: [Ci-users] api key not really used in a secret way
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CI-users mailing list