[users at bb.net] Using SSH keys with GitPoller and Git step?

Drago Trusk drago.trusk at gmail.com
Tue Mar 7 13:50:48 UTC 2017


Hi Pierre,

Maybe I wasn't explicit enough, sorry. I meant that creds can leak if used
with obfuscation for a remote command, not when using netrc. I just wanted
to point that out since you said "Buildbot has capabilities to redact
password from commands." (I presume you meant obfuscation).

Bye,
Drago

On Tue, Mar 7, 2017 at 1:49 PM, Pierre Tardy <tardyp at gmail.com> wrote:

> Hi Drago,
>
> Do you have evidence of git leaking the parameters found in the netrc?
> I have never seen that yet.
>
> Android's AOSP Gerrit uses netrc to store http creds, and I have
> implemented buildbot support for it, and we didn't see the creds leaking as
> far as I remember.
>
> Regards
> Pierre
>
> On Tue, Mar 7, 2017 at 1:01 PM Drago Trusk <drago.trusk at gmail.com> wrote:
>
>> Hi Pierre,
>>
>> Oops, sorry, I'm not using .gitconfig for username/password but rather
>> .netrc (_netrc for Windows). Didn't get my coffee yet.
>>
>> My use case is that I have to interact (in a way) with a third party
>> repository, but access for SSH was not granted so I received only HTTP(S)
>> access.
>> This is why my .netrc has
>> (~/.netrc): machine <host> login <sensitive_user> password
>> <sensitive_password>
>>
>> In such situations simple approach would be to have a list of parameters
>> that all steps can receive so that they are stripped from any
>> output/logging. I'll try to create a PoC when I come back home.
>>
>> Bye,
>> Drago
>>
>> On Tue, Mar 7, 2017 at 10:40 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>>
>> Hi Drago
>>
>> On Tue, Mar 7, 2017 at 7:32 AM Drago Trusk <drago.trusk at gmail.com> wrote:
>>
>> Hi Pierre,
>>
>> it is understandable that people should use SSH keys, but if a third party
>> exposes non-SSH access then this becomes a problem.
>>
>> Could you be more specific on this? I'd like to understand the exact use
>> case in order to see how we can support it the best.
>> Since we are currently designing the secret manager
>> <https://github.com/buildbot/buildbot/pull/2660/files>, and we need to
>> understand the usecases in details in order to implement it best.
>>
>> Obfuscation of command (e.g. password) is nice, but if for whatever
>> reason this command fails and writes sensitive information into
>> stderr/stdout it will still be visible. Of course if the worker is on Linux
>> that can be piped and replaced (or through code itself).
>>
>> Again, I am not sure what you suggest as a solution for that?
>>
>>
>> Since I'm provisioning my workers with SSH keys anyway I have sensitive
>> information in gitconfig, but I just wanted to point out that use cases can
>> happen in situations when someone doesn't have another choice.
>>
>>
>> I would be interested to see what kind of gitconfig you have, could
>> you please publish it (obviously with the sensitive information redacted)?
>>
>> Regards,
>> Pierre
>>
>>
>>
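The thread raises two points: argument obfuscation does not help when a failing git command echoes the credentials to stdout/stderr, and Drago's proposed fix is a list of sensitive values that every step strips from its output before logging. The following is an added example of that idea, written for this page and not code from Buildbot or from either poster. It assumes a .netrc file with only the `machine`/`login`/`password` keywords used in the thread; the sample .netrc contents, host names, credentials and the "failing git" output lines are all constructed for the example, and the class and function names are made up.

```python
"""Scrub known secrets from build-step output before it is logged.

Added example (not Buildbot code): read the credentials a worker keeps in a
.netrc file, and redact them from command output even when a failing command
prints them, raw or percent-encoded inside a URL, to stdout/stderr.
"""
import re
from urllib.parse import quote

# Constructed sample .netrc; machines, logins and passwords are made up.
SAMPLE_NETRC = """\
machine git.example.invalid
  login build-bot
  password s3cret/2017

machine other.example.invalid login alice password wonderland
"""


def parse_netrc(text):
    """Return {machine: (login, password)} from .netrc-style text.

    Tokens may sit on one line or be spread over several, as in the sample.
    Only the machine/login/password keywords are handled (no macdef/default).
    """
    tokens = text.split()
    entries = {}
    machine = login = password = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine" and i + 1 < len(tokens):
            if machine:
                entries[machine] = (login, password)
            machine, login, password = tokens[i + 1], None, None
            i += 2
        elif tok == "login" and i + 1 < len(tokens):
            login = tokens[i + 1]
            i += 2
        elif tok == "password" and i + 1 < len(tokens):
            password = tokens[i + 1]
            i += 2
        else:
            i += 1
    if machine:
        entries[machine] = (login, password)
    return entries


def secrets_from_netrc(text):
    """Collect logins and passwords; both are treated as sensitive here."""
    values = []
    for login, password in parse_netrc(text).values():
        values.extend(v for v in (login, password) if v)
    return values


class SecretRedactor:
    """Replace every known secret (raw or percent-encoded) with a marker."""

    MARKER = "<redacted>"

    def __init__(self, secrets):
        variants = set()
        for s in secrets:
            if s:
                variants.add(s)
                variants.add(quote(s, safe=""))  # the form seen inside URLs
        # Longest first, so a secret containing another one is replaced whole.
        ordered = sorted(variants, key=len, reverse=True)
        self._pattern = (
            re.compile("|".join(re.escape(v) for v in ordered)) if ordered else None
        )

    def redact(self, line):
        if self._pattern is None:
            return line
        return self._pattern.sub(self.MARKER, line)

    def redact_lines(self, lines):
        return [self.redact(line) for line in lines]


# Constructed output of a failing clone; not real git output.
SAMPLE_OUTPUT = [
    "Cloning into 'repo'...",
    "fatal: Authentication failed for "
    "'https://build-bot:s3cret%2F2017@git.example.invalid/repo.git/'",
    "remote: invalid password s3cret/2017 for user build-bot",
]


def demo():
    """Scrub the sample output with the secrets taken from the sample .netrc."""
    redactor = SecretRedactor(secrets_from_netrc(SAMPLE_NETRC))
    return redactor.redact_lines(SAMPLE_OUTPUT)


if __name__ == "__main__":
    for scrubbed in demo():
        print(scrubbed)
```

Two design points matter in practice. The scrubbing has to run on the worker, before a log chunk is sent anywhere, otherwise the master's database and the web UI already hold the secret. And a value-based filter only catches secrets it knows about and that arrive in one piece: a secret split across two output chunks, or printed in an encoding other than the raw and percent-encoded forms handled here, would pass through, so the list of known secrets should include every representation the commands are likely to emit.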