The server-side plugin code reads the Conjur Connection details and adds these properties into the build when it is started on the server. Then the agent-side plugin code reads those parameters, establishes a connection to Conjur, and reads the secrets as necessary.
Unfortunately, the connection details remain in the teamcity.conjur.* parameters, including the API key.
Steps to Reproduce
Steps to reproduce the behavior:
Define a Conjur connection in a TC project
Run a build in that project
After it finishes, go to Parameters
See the parameters e.g. teamcity.conjur.apiKey
Expected Results
The parameters should not be visible, at least not the API key.
Actual Results (including error logs, if applicable)
Summary
The server-side plugin code reads the Conjur Connection details and adds these properties into the build when it is started on the server. Then the agent-side plugin code reads those parameters, establishes a connection to Conjur, and reads the secrets as necessary. Unfortunately, the connection details remain in the
teamcity.conjur.*
parameters, including the API key.Steps to Reproduce
Steps to reproduce the behavior:
teamcity.conjur.apiKey
Expected Results
The parameters should not be visible, at least not the API key.
Actual Results (including error logs, if applicable)
API key is visible in plaintext.
Reproducible
Version/Tag number
TC 2022.04.2, Conjur plugin v0.0.1.
Environment setup
MacOS 12.5.1
Additional Information
TC running locally or on a dedicated server.