pieceofsummer / Hangfire.Console

Job console extension for Hangfire
MIT License
436 stars 80 forks source link

Nuget private API key is committed in appveyor.yml #130

Closed BredStik closed 8 months ago

BredStik commented 8 months ago

The private key should be kept secret. Anyone could publish malicious code to nuget on your behalf. Hopefully, you have rotated your nuget api key since committing this file.

pieceofsummer commented 8 months ago

API keys in the yml are encrypted and tied to the appveyor account, and no one besides appveyor itself should be able to decrypt them. No worries.

BredStik commented 8 months ago

API keys in the yml are encrypted and tied to the appveyor account, and no one besides appveyor itself should be able to decrypt them. No worries.

Great! Better safe than sorry! ;-)