May 1, 2017 at 9:38 pm
Comments posted to this topic are about the item The Secret Password
May 2, 2017 at 6:56 am
I thought this is why you require pull requests and peer reviews before merging into master and kicking off a CI release.
May 2, 2017 at 8:36 am
That doesn't necessarily have anything to do with someone using a password variable or token in the release process. They could still include steps or changes in the flow that cause issues. Or they could deploy elsewhere a specific script if the CI/CD process isn't locked down appropriately.
May 2, 2017 at 8:37 am
I guess you'd also need to ensure that code reviews happen and no strange code can slip through. In a program of any size, perhaps with lots of changes, this could be an issue.
The old saying: alter 10 lines, code review is intense. Alter 1000 lines, code review is "looks good".
May 3, 2017 at 12:17 pm
Our continuous integration process uses TeamCity / Octopus and our deployments run under the context of a domain-based service account. I don't recall the password being persisted anywhere in the CI tool configuration.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho