Closed zacanger closed 5 years ago
Hey, I am curious to understand how publishing images from Circle CI could lead to credentials leaking.
Docker Cloud credentials would have to be made available as environment variables to the build. If someone were to get in some malicious code, they could steal those credentials and have access to hub.docker.com/u/entropicdev.
My understanding is that CI tools make secure env variables available only for the master/development branch. In that case, the malicious code should be merged to master. That won't happen very easily because there will be multiple reviews for each PR.
Is this a feature request or a bug?
Feature request
Expected behavior:
Commits to master and git tags build and push images to Docker Hub (see also this script).
Actual behavior:
I've been doing it manually from my machine.
Details
Images could be built and pushed in Circle, but that could lead to credentials leaking. I wonder if automated builds would be better? That would probably require a service account or one of the maintainers or moderators setting it up.
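A publish gate for the concern raised in this issue and its replies, as an added example that is not code from the thread or the project: the push step runs only for master or tag builds that are not forked pull requests, and the registry password is passed on stdin. `CIRCLE_BRANCH`, `CIRCLE_TAG` and `CIRCLE_PR_NUMBER` are CircleCI's built-in variables; `DOCKER_USER`, `DOCKER_PASS` and the image name passed to `publish` are assumed names.

```shell
#!/bin/sh
# Added example (not from the thread). DOCKER_USER / DOCKER_PASS are assumed
# names for secrets configured in the CI project settings.

# should_publish: succeed only for master or tag builds that do not
# originate from a forked pull request.
should_publish() {
    # CircleCI sets CIRCLE_PR_NUMBER only on builds of forked PRs.
    if [ -n "${CIRCLE_PR_NUMBER:-}" ]; then
        echo "skip publish: forked pull request build" >&2
        return 1
    fi
    if [ -n "${CIRCLE_TAG:-}" ]; then
        return 0
    fi
    if [ "${CIRCLE_BRANCH:-}" = "master" ]; then
        return 0
    fi
    echo "skip publish: not master and not a tag" >&2
    return 1
}

# publish IMAGE: build and push IMAGE when the gate allows it.
publish() {
    image=$1
    # A skipped publish is not a build failure.
    should_publish || return 0
    if [ -z "${DOCKER_USER:-}" ] || [ -z "${DOCKER_PASS:-}" ]; then
        echo "publish: registry credentials are not set" >&2
        return 1
    fi
    # Keep xtrace off while the secret is handled, and pass it on stdin
    # so it never appears in the process list or the build log.
    set +x
    printf '%s' "$DOCKER_PASS" |
        docker login --username "$DOCKER_USER" --password-stdin || return 1
    if docker build -t "$image" . && docker push "$image"; then
        status=0
    else
        status=1
    fi
    # Drop the stored login even when the push failed.
    docker logout
    return "$status"
}
```

Call `publish` with the image reference as the last step of the job; the gate is a second layer on top of restricting the secrets themselves to protected branches in the CI settings.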