Antoine Levy-Lambert wrote:
Hello Res,
I think that you are doing the right thing. More exactly, I am not sure
that *the* best practice in this domain exist. As long as you have a
clear policy and you can explain it to all the stakeholders in
your development community, things are OK.
You mention ssh passwords. I have always thought that passwords for
automated scripts are a problem. Either you have these in a file which
is not under version-control, but then you can lose it and
the build is not reproducible. Or the file is just sitting on the
file system at a location where only trusted person(s) can access it,
and it is fine for security, but not for the sake of being sure that the
build
can be setup elsewhere without difficulties. Sometimes, I think it is
quite "funny" when a script user has to "key in" passwords for 10s of
different systems (database servers, application servers, ssh, LDAP,
mainframe connectivity,
...) But it is like that.
You can always keep the passwords on a USB key or some other movable
device, so they become available when plugged in, and move from device
to device.
I dont do that, but I do encrypt the bit of the filesystem they live in,
with an encryption key that is kept in the laptop's TPM. No login, no data.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
