In regards to Jenkins, we should be using credentials and injecting via
credentials bindings to avoid this so the actual key is masked. At a
minimum you could use masked passwords and set an environment variable
that way. Then it does not show in the output.

On Apr 13, 2016 12:18 PM, "Karanbir Singh" <kbsingh at centos.org> wrote:

> On 13/04/16 17:13, Colin Walters wrote:
> > Not that this really matters a lot since we can probably trust each
> > other right now not to use others' resources, but I noticed many
> > people end up leaking the API key publicly, e.g.
> > https://ci.centos.org/job/bstinson-centpkg-unittests/configure and
> > https://ci.centos.org/job/adb-openshift-vagrantfile-tests/12/console
> > and several others.
> >
> > The two problems seem to be including the Python script raw as a
> > builder (which Jenkins exposes as public data), or injecting it as
> > an environment variable (which shows up in the Jenkins console
> > logs).
> >
> > I created: https://github.com/kbsingh/centos-ci-scripts/pull/4 but
> > since there are many forks of this now, multiple groups will need
> > to change their copies too.
>
> Thanks, merged.
>
> Note that it's not possible to use the api key from outside of the
> jenkins infra inside ci.centos.org ( but you have a good point about
> users:users trust, and quota etc )
>
> Regards
>
> --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
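
Added example, not part of the original thread or of the centos-ci-scripts repository: a job script that takes the key from a variable injected by a credentials binding instead of carrying it in the builder text, and masks it in anything it prints to the console. The variable name CI_API_KEY, the placeholder URL, the key being sent as a query parameter, and the sample key are all assumptions made for the example.

```python
import os
from urllib.parse import quote

# Assumed variable name: whatever the job's credentials binding (or masked
# password) is configured to export. It is not taken from the thread.
KEY_ENV_VAR = "CI_API_KEY"


class MissingKeyError(RuntimeError):
    """Raised when the job did not inject the key."""


def load_api_key(environ=None):
    """Read the key from the environment instead of the script body, so the
    builder text Jenkins shows on the job's configure page holds no secret."""
    environ = os.environ if environ is None else environ
    key = environ.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise MissingKeyError(KEY_ENV_VAR + " is not set; bind the credential in the job")
    return key


def build_url(base_url, key):
    """Append the key as a percent-encoded query parameter (assumed API shape)."""
    return base_url + "?key=" + quote(key, safe="")


def redact(text, secret, mask="****"):
    """Mask the key, raw or percent-encoded, in text headed for the console log."""
    if not secret:
        return text
    # Longest form first so a partial match never leaves a fragment behind.
    forms = sorted({secret, quote(secret, safe="")}, key=len, reverse=True)
    for form in forms:
        text = text.replace(form, mask)
    return text


if __name__ == "__main__":
    # Constructed sample key and placeholder URL, for demonstration only.
    env = {KEY_ENV_VAR: "constructed-key-0000+/="}
    key = load_api_key(env)
    url = build_url("https://provisioner.example.invalid/nodes", key)
    print("requesting " + redact(url, key))
    print(redact("debug: key=" + key, key))
```

The percent-encoded form is masked as well because a request URL echoed to the console carries the key in that form rather than the raw one.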