That is possible. I restricted access to the github token to the log4net build job only. Stefan, would you like to try whether you can gain access to that token? I can guide you to where you can find it off-list.
On Wed, 13 Jun 2018, 17:40 Ralph Goers, <ralph.go...@dslextreme.com> wrote:

> Jenkins does have a way of storing credentials. However, I don’t know if
> there is a way to limit which jobs can use the credentials.
>
> Ralph
>
> > On Jun 13, 2018, at 6:48 AM, Stefan Bodewig <bode...@apache.org> wrote:
> >
> > On 2018-06-13, Dominik Psenner wrote:
> >
> >> As far as I can tell, the secrets stored in jenkins.a.o are
> >> trustworthy. For instance I used a github access token generated from
> >> my github account that grants jenkins access to the log4net-logging
> >> repository on github. I am convinced that nobody else can steal that
> >> token without logging in to jenkins using my credentials. Stefan,
> >> would you please elaborate the reasonings of why you do not trust pgp
> >> signatures issued by builds.a.o?
> >
> > Maybe just because I'm paranoid. How would you store the private part of
> > a PGP key in Jenkins in a way that cannot be compromised by people who
> > log in to Jenkins or a malicious Jenkins addon that gets installed?
> >
> > Stefan