On Thu, Jul 19, 2018 at 5:35 PM, Paul Belanger <[email protected]> wrote:
> On Thu, Jul 19, 2018 at 09:21:11AM +0200, Haïkel Guémar wrote: > > On 18/07/18 22:24, Paul Belanger wrote: > > > Greetings, > > > > > > With recent Jenkins security advisory today, I realized we just > imported the > > > current secrets from jenkins into zuulv3. I'd like to propose, just > to be extra > > > safe, we preform a re-key of everything that uses secrets. > > > > > > I'm not sure if this has every been done with jenkins, but we should > also > > > consider some policy to re-key everything ever x months too. > > > > > > Thoughts? > > > _______________________________________________ > > > dev mailing list > > > [email protected] > > > http://lists.rdoproject.org/mailman/listinfo/dev > > > > > > To unsubscribe: [email protected] > > > > > > > The current CBS credentials for RDO have never been into Jenkins. > > > Thanks, the SSH key for images.r.o is also safe, we've rotated that. What > about > about things needed for weirdo and other secrets? Who would know more > about > them. > I can help on that. That secret is an api token that can only be used to trigger builds of some specific jobs in ci.centos.org. > > - Paul > _______________________________________________ > dev mailing list > [email protected] > http://lists.rdoproject.org/mailman/listinfo/dev > > To unsubscribe: [email protected] >
_______________________________________________ dev mailing list [email protected] http://lists.rdoproject.org/mailman/listinfo/dev To unsubscribe: [email protected]
