Hi Pierre, ups, sorry I'm not using .gitconfig for username/password but rather .netrc (_netrc for windows). Didn't yet got my coffee.
My use case is that I have to interact (in a way) with a third party repository, but access for SSH was not granted so I received only HTTP(S) access. This is why my .netrc has (~/.netrc): machine <host> login <sensitive_user> password <sensitive_password> In such situations simple approach would be to have a list of parameters that all steps can receive so that they are stripped from any output/logging. I'll try to create a PoC when I come back home. Bye, Drago On Tue, Mar 7, 2017 at 10:40 AM, Pierre Tardy <tar...@gmail.com> wrote: > Hi Drago > > On Tue, Mar 7, 2017 at 7:32 AM Drago Trusk <drago.tr...@gmail.com> wrote: > >> Hi Pierre, >> >> it is understandable that people should use SSH keys, but if third party >> exposes non-SSH access then this becomes a problem. >> > Could you be more specific on this? I'd like to understand the exact use > case in order to see how we can support it the best. > Since we are currently designing the secret manager > <https://github.com/buildbot/buildbot/pull/2660/files>, and we need to > understand the usecases in details in order to implement it best. > > Obfuscation of command (e.g. password) is nice, but if for whatever reason >> this command fails and writes sensitive information into stderr/stdout it >> will still be visible. Of course if worker is on Linux that can be piped >> and replaced (or through code itself). >> > Again, I am not sure what you suggest as a solution for that? > > >> Since I'm provisioning my workers with SSH keys anyway I have sensitive >> information in gitconfig, but I just wanted to point out that use cases can >> happen in situations when someone doesn't have another choice. >> > > I would be interrested to see what kind of gitconfig do you have, could > you please publish it (obviously with the sensitive information redacted) ? > > Regards, > Pierre >
_______________________________________________ users mailing list users@buildbot.net https://lists.buildbot.net/mailman/listinfo/users
