Open PhilippSelenium opened 5 years ago
tardyp
commented
5 years ago It is not possible at the moment. Force build only sets properties, so you would need to store it into properties. We could store such password in encrypted properties though, and only decrypt it in the last stage potentially with asymetric crypto, so that we can encrypt inside browser.
PhilippSelenium
commented
5 years ago If I use https from browser to master and TLS (http://docs.buildbot.net/current/relnotes/index.html#buildbot-2-1-0-2019-03-09) from master to worker wouldn't it be enough to just not have the field value displayed anywhere? More along the way of an obfuscated property instead of an encrypted property. Would that make it simpler? Or is your concern more along the way that somebody could do:
print(props.getProperty('obfuscated'))at any given time?
tardyp
commented
5 years ago yes, properties are also available through rest api, and we can't obfuscate there or there would be no way to actually retrieve the data
Is it possible to inject a password into the build via the force scheduler so that it is not visible in the logs or the build properties. (Optional also obfuscated when typed in) I have read about the secrets management but that does not allow me to inject different passwords for every build. Would it be possible to hack this into the force scheduler by using: http://docs.buildbot.net/current/developer/secrets.html#secret-obfuscation