buildkite / feedback

Got feedback? Please let us know!
https://buildkite.com

Queue-specific agent tokens #421

Closed pauldraper closed 5 years ago

pauldraper commented 6 years ago

As far as I can tell, it's often the case that committers directly or indirectly have access to the machine, build agent, and associated credentials.

I could secure build machines via different queues. However, there is no per-queue security.

I suggest allowing admins to assign queues to different agent tokens. This would provide a simple, robust mechanism for build security.

toolmantim commented 6 years ago

Thanks for the feedback. We're working on just this, and you're spot on with the problem there. You'll definitely know when it's ready. I'll keep this open here though for reference.

pauldraper commented 6 years ago

Excellent! I look forward to it.

pauldraper commented 5 years ago

Any update on this?

The Elastic CI Stack for AWS actually mentions using a different queue for deploy for security reasons.

> A deploy stack with added credentials and permissions specifically for deployment.

But it doesn't matter much if the agent tokens are not queue specific.

toolmantim commented 5 years ago

No news on it just yet I’m afraid.

In the meantime, most people commonly use environment hooks on the agents for a particular queue, to do the permissions checks.

For example: https://buildkite.com/docs/pipelines/permissions#programmatically-managing-teams https://buildkite.com/docs/agent/v3/securing
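An agent `environment` hook of the kind mentioned in the comment above, added here as an example (not from the thread and not Buildkite's own code): agents tagged with the queue `deploy` refuse a job unless its repository and one of the build creator's teams are allowlisted. The queue name, repository URLs and team slugs are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: agent "environment" hook for machines serving the deploy queue.
# Allowlists below are constructed placeholders; adjust to your organisation.
ALLOWED_REPOS="git@github.com:example-org/app.git git@github.com:example-org/infra.git"
ALLOWED_TEAMS="deployers sre"

# in_list NEEDLE ITEM... : exact-match membership test (no substring matches).
in_list() {
  needle="$1"; shift
  for item in "$@"; do
    if [ "$item" = "$needle" ]; then return 0; fi
  done
  return 1
}

# job_allowed REPO TEAMS : TEAMS is colon-separated, the format Buildkite uses
# for BUILDKITE_BUILD_CREATOR_TEAMS. Returns 0 only if the repo is allowlisted
# AND the build creator belongs to at least one allowlisted team.
job_allowed() {
  repo="$1"; creator_teams="$2"
  # Allowlists are space-separated on purpose, so word splitting is intended.
  in_list "$repo" $ALLOWED_REPOS || return 1
  old_ifs="$IFS"; IFS=':'
  set -f                      # no glob expansion of job-supplied values
  set -- $creator_teams       # split team slugs into positional parameters
  set +f; IFS="$old_ifs"
  for team in "$@"; do
    if in_list "$team" $ALLOWED_TEAMS; then return 0; fi
  done
  return 1                    # empty or unknown team list: deny by default
}

# Enforce only on agents whose queue tag is "deploy"; other queues pass through.
if [ "${BUILDKITE_AGENT_META_DATA_QUEUE:-}" = "deploy" ]; then
  if ! job_allowed "${BUILDKITE_REPO:-}" "${BUILDKITE_BUILD_CREATOR_TEAMS:-}"; then
    echo "Refusing job: repository or build creator not permitted on deploy queue" >&2
    exit 1
  fi
fi
```

A hook like this limits which jobs a deploy agent will run; it does not limit who can register an agent on the queue with a shared agent token, which is the gap this issue asks to close.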

pauldraper commented 5 years ago

Ah, that's actually a pretty good workaround. Thanks!

ghost commented 5 years ago

As a Buildkite organisation admin, I'm interested in having the ability to scope an agent token to a queue.

lox commented 5 years ago

We have big plans on this front, moving discussion over to https://forum.buildkite.community/t/restricting-access-to-agents/200.