volatilemolotov commented on PR #27015: URL: https://github.com/apache/beam/pull/27015#issuecomment-1698190744
"It also exposes the secrets to all steps" This part is true, i was more going into how convenient it is. Still anything is exposed given the ability of contributors to add these vars to any step, and some PRs might go trough so perhaps there is merit in understanding what is the scope of damage caused by having access to these credentials trough Github wokflows. In the meantime yes lets have them as env for the step. Im fine with the slight additional reduced scope of usage -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
