cloudfoundry / cf-deployment-concourse-tasks

Apache License 2.0

Pushing creds to credhub rather than git #88

Closed bruce-ricard closed 4 years ago

bruce-ricard commented 5 years ago

It is my understanding that we should try to have our concourse credentials in credhub and not Git/github. This task.yml and its task committing of yours suggest we should be putting the resource after this task.

In our pipeline, we regenerate the 3 files before each rats, cats etc. run by pulling the creds from credhub; this prevents us from pushing creds to git.

Removing the "put" related comment from the task.yml and removing all git commit related things in the script should prevent users from pushing sensitive information to git.

cf-gitbot commented 5 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/164811779

The labels on this github issue will be updated when the story is started.

Changdrew commented 5 years ago

@bruce-ricard That sounds reasonable. Do you have tasks that do the right thing that you would be willing to PR?

cc: @davewalter

davewalter commented 4 years ago

Closing due to inactivity. Please feel free to re-open if desired.