Closed pauldraper closed 5 years ago
Thanks for the feedback. We're working on just this, and you're spot on with the problem there. You'll definitely know when it's ready. I'll keep this open here though for reference.
Excellent! I look forward to it.
Any update on this?
The Elastic CI Stack for AWS actually mentions using a different queue for deploy for security reasons.
A deploy stack with added credentials and permissions specifically for deployment.
But it doesn't matter much if the agent tokens are not queue specific.
No news on it just yet I’m afraid.
In the meantime, most people commonly use environment hooks on the agents for a particular queue, to do the permissions checks.
For example: https://buildkite.com/docs/pipelines/permissions#programmatically-managing-teams https://buildkite.com/docs/agent/v3/securing
Ah, that's actually a pretty good workaround. Thanks!
As a Buildkite organisation admin, I'm interested in having the ability to scope an agent token to a queue.
We have big plans on this front, moving discussion over to https://forum.buildkite.community/t/restricting-access-to-agents/200.
As far as I can tell, it's often the case that committers directly or indirectly have access to the machine, build agent, and associated credentials.
I could secure build machines via different queues. However, there is no per-queue security.
I suggest allowing admins to assign queues to different agent tokens. This would provide a simple, robust mechanism for build security.