Michael Weimann opened 4 years ago

Michael Weimann changed title 4 years ago

Michael Weimann changed fields 4 years ago

@robin if you agree that the suggestion is okay, I could provide the code.

It is designed this way for security reasons. Something like what GitHub does for secrets.

I agree with Robin. We mainly use secrets in a job to connect to other servers and access resources. I accept that my coworker can modify source code and/or launch jobs, but not retrieve my secret (password).

One thing to note: if your coworker has administrative rights to the project, he/she can still reveal the value of the secret by modifying the build spec directly to print it.

That was my thought. If you can print the variables anyway, the security benefit is not that high. GitLab does it the "reveal" button way.

Hmm... Maybe we should provide this feature (for project administrators only) for convenience, as it is not possible to keep the value really secret for project administrators.

Here is a screenshot from a GitLab project: Maybe this could be the way:
→ Improvement for admins to check their variables + avoiding printing secrets in the builds. To separate things: this ticket is only about displaying the secrets for admins.

Wohhhh, you're right.
There is a problem with (3)!! What about having different rights for build editing?

So effectively only project administrators can determine who can access the secret. So it is consistent to have them reveal the value.

Thank you for the help and the screenshot about a feature I didn't know. I've updated all my projects' config and now it's secure! So you're right, it is consistent to have them reveal, BUT admins have to set up the config VERY CAREFULLY.

OneDev changed state to 'Closed' 3 years ago

OneDev changed state to 'Released' 3 years ago

Type: Improvement
Priority: Normal
Assignee:

As a project admin I want to see the job secrets,
so I know what is in there.
Affected area:
At the moment it displays an empty input field.
Suggestions: