May 1, 2017 at 9:38 pm
Comments posted to this topic are about the item The Secret Password
May 2, 2017 at 6:56 am
I thought this is why you require pull requests and peer reviews before merging into master and kicking off a CI release.
May 2, 2017 at 8:36 am
That doesn't necessarily have anything to do with someone using a password variable or token in the release process. They could still include steps or changes in the flow that cause issues. Or they could deploy elsewhere a specific script if the CI/CD process isn't locked down appropriately.
May 2, 2017 at 8:37 am
I guess you'd also need to ensure that code reviews happen and no strange code can slip through. In a program of any size, perhaps with lots of changes, this could be an issue.
The old saying: alter 10 lines, code review is intense. Alter 1000 lines, code review is "looks good".
May 3, 2017 at 12:17 pm
Our continuous integration process uses TeamCity / Octopus and our deployments run under the context of a domain-based service account. I don't recall the password being persisted anywhere in the CI tool configuration.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho