Open jkmathew opened 1 month ago
Secrets (or user-specific configs) should be placed in a separate file, specified in extra_configuration_file
(default to user.rcinfo
). All configs placed there override the .rcinfo
and should not be checked into the repo.
So you can write a wrapper that before calling xcprepare integrate...
places any ENV/~.aws/credentials content to that file.
Thanks for looking into this!
I can see the user.rcinfo
is autogenerated. If I change extra_configuration_file
to point to my secrets file, will it break anything?
You can safely append AWS credentials to that autogenerated .yaml
- it is safe to modify after integration.
Expected/desired behavior Currently we have to add
aws_secret_key
,aws_security_token
etc to.rcinfo
file. In a security perspective, this is not a good practice. Sametime developers might be using any other tools that uses Amazon's SDKs which expect secrets either in environment variables(AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
etc) or in the~/.aws/credentials
file (source). IfXCRemoteCache
also supports these methods, we can avoid checking in security keys to the repository, and it will be helpful for developers already using Amazon services.Relevant integration setup
xcprepare integrate ...