search

linuxserver / docker-syslog-ng

GNU General Public License v3.0
51 stars 9 forks source link

[BUG] credentials in ci #16

Closed janneman001 closed 1 year ago

janneman001 commented 1 year ago

Is there an existing issue for this?

Current Behavior

Hi leaving credentials in ci/cd is not good practice. I don't known if you do this deliberatly or how far this goes as security risk right now . Please look at: GITHUB_TOKEN=credentials( GITLAB_TOKEN=credentials(

in your Jenkinsfile.....

Expected Behavior

Credentials and tokens do not belong in SCM.

Steps To Reproduce

Look at: https://github.com/linuxserver/docker-syslog-ng/blob/main/Jenkinsfile

Environment

btw
Thanks for your docker-image it works out of the box!

CPU architecture

x86-64

Docker creation

I used default example.

Container logs

...
github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

Roxedus commented 1 year ago

Thank you for your concern! These are not actual credentials, rather just an uuid to the credential stored in Jenkins. They do not make sense outside the context of our CI.