[users at bb.net] Using SSH keys with GitPoller and Git step?

Pierre Tardy tardyp at gmail.com
Tue Mar 7 12:49:35 UTC 2017


Hi Drago,

Do you have evidence of git leaking the parameters found in the netrc?
I have never seen that yet.

Android's AOSP Gerrit uses netrc to store HTTP creds, and I have
implemented Buildbot support for it, and we didn't see the creds leaking, as
far as I remember.

Regards
Pierre

On Tue, Mar 7, 2017 at 1:01 PM Drago Trusk <drago.trusk at gmail.com> wrote:

> Hi Pierre,
>
> Oops, sorry, I'm not using .gitconfig for username/password but rather
> .netrc (_netrc on Windows). Haven't had my coffee yet.
>
> My use case is that I have to interact (in a way) with a third-party
> repository, but SSH access was not granted, so I received only HTTP(S)
> access.
> This is why my ~/.netrc has:
> machine <host> login <sensitive_user> password <sensitive_password>
>
> In such situations a simple approach would be to have a list of parameters
> that all steps can receive, so that they are stripped from any
> output/logging. I'll try to create a PoC when I get back home.
>
> Bye,
> Drago
>
> On Tue, Mar 7, 2017 at 10:40 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>
> Hi Drago
>
> On Tue, Mar 7, 2017 at 7:32 AM Drago Trusk <drago.trusk at gmail.com> wrote:
>
> Hi Pierre,
>
> it is understandable that people should use SSH keys, but if a third party
> exposes non-SSH access, then this becomes a problem.
>
> Could you be more specific on this? I'd like to understand the exact use
> case in order to see how we can support it best.
> We are currently designing the secret manager
> <https://github.com/buildbot/buildbot/pull/2660/files>, and we need to
> understand the use cases in detail in order to implement it best.
>
> Obfuscation of the command (e.g. the password) is nice, but if for whatever
> reason the command fails and writes sensitive information to stderr/stdout,
> it will still be visible. Of course, if the worker is on Linux, that can be
> piped and replaced (or handled in the code itself).
>
> Again, I am not sure what you suggest as a solution for that?
>
>
> Since I'm provisioning my workers with SSH keys anyway, I have sensitive
> information in gitconfig, but I just wanted to point out that such use cases
> can happen in situations where someone doesn't have another choice.
>
>
> I would be interested to see what kind of gitconfig you have; could
> you please publish it (obviously with the sensitive information redacted)?
>
> Regards,
> Pierre
>
>
>
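The approach Drago describes above (a list of secret values that every step strips from its output before it is logged) and the failure mode he raises (a step that fails and writes the credential to stderr), as an added Python example. This is not Buildbot's code and not from the thread; the .netrc body, host names, logins, passwords and the output lines are constructed. It pulls the credentials out of a .netrc body with the stdlib netrc module and redacts them in the three forms in which a credential typically surfaces in tool output: as plain text, percent-encoded inside a URL, and base64-encoded inside an HTTP Basic Authorization header.

```python
"""Strip .netrc credentials from build-step output before it is logged.

Added example, not Buildbot's own code.  Host, login, password and the
sample output lines are constructed.
"""
import base64
import netrc
import os
import re
import tempfile
import urllib.parse

# Constructed ~/.netrc body (hypothetical hosts, logins and passwords).
SAMPLE_NETRC = """\
machine git.example.com login ci-bot password s3cr3t@pw
machine other.example.com login alice password hunter2
"""

MASK = "<redacted>"
MIN_SECRET_LEN = 4  # a one- or two-character secret would redact almost every line


def credentials_from_netrc(text):
    """Return (login, password) pairs from a .netrc body.

    netrc.netrc() takes a path, so the body is written to a temporary file;
    the example never reads the real ~/.netrc.
    """
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text)
        rc = netrc.netrc(path)
    finally:
        os.unlink(path)
    return [(login, pw) for login, _account, pw in rc.hosts.values() if pw]


def basic_auth_value(login, password):
    """Value of an HTTP Basic 'Authorization' header: base64("login:password")."""
    return base64.b64encode(f"{login}:{password}".encode()).decode()


def build_redactor(credentials):
    """Compile one regex that matches every secret in the forms it shows up in.

    Plain text covers a tool's own error messages, the percent-encoded form
    covers URLs, and the Basic-auth value covers verbose HTTP traces.  Longer
    alternatives are tried first so a secret that is a prefix of another one
    leaves no residue behind.
    """
    variants = set()
    for login, password in credentials:
        if len(password) < MIN_SECRET_LEN:
            continue
        variants.add(password)
        variants.add(urllib.parse.quote(password, safe=""))
        variants.add(basic_auth_value(login, password))
    if not variants:
        return lambda line: line
    alternation = "|".join(re.escape(v) for v in sorted(variants, key=len, reverse=True))
    pattern = re.compile(alternation)
    return lambda line: pattern.sub(MASK, line)


def redact_lines(credentials, lines):
    """Apply the redactor to every output line of a step."""
    redact = build_redactor(credentials)
    return [redact(line) for line in lines]


CREDS = credentials_from_netrc(SAMPLE_NETRC)

# Constructed stderr lines of the kind a failing fetch step might emit:
# a failure message echoing a URL with embedded credentials, a verbose
# HTTP trace line carrying the Basic-auth header, a percent-encoded
# secret in a URL, and a harmless line that must pass through unchanged.
SAMPLE_OUTPUT = [
    "fatal: Authentication failed for 'https://ci-bot:s3cr3t@pw@git.example.com/repo.git/'",
    "> Authorization: Basic " + basic_auth_value("ci-bot", "s3cr3t@pw"),
    "remote: retry https://git.example.com/repo.git?token=s3cr3t%40pw",
    "Cloning into 'repo'...",
]

if __name__ == "__main__":
    for line in redact_lines(CREDS, SAMPLE_OUTPUT):
        print(line)
```

Two caveats a practitioner would want: the redaction is by value, so a credential that surfaces in an encoding not listed here (a different charset, a hash, a chunked hex dump) passes through, and the worker's ~/.netrc itself should be readable only by the worker's user, since nothing in git or curl will refuse a world-readable one.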