[users at bb.net] Using SSH keys with GitPoller and Git step?
Pierre Tardy
tardyp at gmail.com
Tue Mar 7 09:40:13 UTC 2017
Hi Drago
On Tue, Mar 7, 2017 at 7:32 AM Drago Trusk <drago.trusk at gmail.com> wrote:
> Hi Pierre,
>
> it is understandable that people should use SSH keys, but if third party
> exposes non-SSH access then this becomes a problem.
>
Could you be more specific on this? I'd like to understand the exact use
case in order to see how we can support it the best.
Since we are currently designing the secret manager
<https://github.com/buildbot/buildbot/pull/2660/files>, and we need to
understand the usecases in details in order to implement it best.
Obfuscation of command (e.g. password) is nice, but if for whatever reason
> this command fails and writes sensitive information into stderr/stdout it
> will still be visible. Of course if worker is on Linux that can be piped
> and replaced (or through code itself).
>
Again, I am not sure what you suggest as a solution for that?
> Since I'm provisioning my workers with SSH keys anyway I have sensitive
> information in gitconfig, but I just wanted to point out that use cases can
> happen in situations when someone doesn't have another choice.
>
I would be interrested to see what kind of gitconfig do you have, could you
please publish it (obviously with the sensitive information redacted) ?
Regards,
Pierre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20170307/ac277ef5/attachment.html>
More information about the users
mailing list