[jira] [Commented] (YETUS-504) Keep sensitive information like passwords out of the docker container.

Allen Wittenauer (Jira) Fri, 30 Oct 2020 23:04:39 -0700


    [ 
https://issues.apache.org/jira/browse/YETUS-504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17224008#comment-17224008
 ]


Allen Wittenauer commented on YETUS-504:
----------------------------------------

It is worth noting that with Docker BuildKit now supporting secret mounts, this 
_might_ be easier to do now. See 
https://docs.docker.com/develop/develop-images/build_enhancements/

> Keep sensitive information like passwords out of the docker container.
> ----------------------------------------------------------------------
>
>                 Key: YETUS-504
>                 URL: https://issues.apache.org/jira/browse/YETUS-504
>             Project: Yetus
>          Issue Type: Improvement
>          Components: Precommit
>            Reporter: Allen Wittenauer
>            Priority: Critical
>
> One of the things that has bugged me for quite a while is that user code in 
> the Docker container has access to the passwords for external systems.  It 
> would be nice to reconfigure this a bit where we do all of that work outside 
> of the container.  This way, there would be no need to push sensitive data 
> inside.  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (YETUS-504) Keep sensitive information like passwords out of the docker container.

Reply via email to