chiubaka
commented
2 years ago I can de-escalate this. This is important, but only becomes a real concern if I ever bring any collaborators onto this project who might have access to CircleCI builds.
Open chiubaka opened 2 years ago
chiubaka
commented
2 years ago I can de-escalate this. This is important, but only becomes a real concern if I ever bring any collaborators onto this project who might have access to CircleCI builds.
I'm currently using a user key in CircleCI to quickly test whether or not I can get
git pushwrites working for my submodule deploys in #45.This token essentially gives CircleCI the ability to run commands as me, which is very dangerous. I need to swap this out for a read/write deploy key and then figure out how to use that deploy key to write to multiple repositories (since this particular job will write to multiple repositories)