<div dir="ltr">Hi Drago<br><br><div class="gmail_quote"><div dir="ltr">On Tue, Mar 7, 2017 at 7:32 AM Drago Trusk <<a href="mailto:drago.trusk@gmail.com">drago.trusk@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg">Hi Pierre, <br class="gmail_msg">
</p>
<p class="gmail_msg">it is understandable that people should use SSH keys, but if
third party exposes non-SSH access then this becomes a problem.</p></div></blockquote><div>Could you be more specific on this? I'd like to understand the exact use case in order to see how we can support it the best.</div><div>Since we are currently designing the <a href="https://github.com/buildbot/buildbot/pull/2660/files">secret manager</a>, and we need to understand the usecases in details in order to implement it best.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg">Obfuscation of command (e.g. password) is nice, but if for
whatever reason this command fails and writes sensitive
information into stderr/stdout it will still be visible. Of course
if worker is on Linux that can be piped and replaced (or through
code itself).</p></div></blockquote><div>Again, I am not sure what you suggest as a solution for that?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
Since I'm provisioning my workers with SSH keys anyway I have
sensitive information in gitconfig, but I just wanted to point out
that use cases can happen in situations when someone doesn't have
another choice.<br class="gmail_msg"></div></blockquote><div> </div><div>I would be interrested to see what kind of gitconfig do you have, could you please publish it (obviously with the sensitive information redacted) ?</div><div><br></div><div>Regards,</div><div>Pierre</div></div></div>