Hi Pierre, maybe I wasn't explicit enough, sorry. I meant that creds can leak if used with obfuscation for a remote command, not when using netrc. I just wanted to point that out since you said "Buildbot has capabilities to redact passwords from commands." (I presume you meant obfuscation).
Bye,
Drago

On Tue, Mar 7, 2017 at 1:49 PM, Pierre Tardy <[email protected]> wrote:
> Hi Drago,
>
> Do you have evidence of git leaking the parameters found in the netrc?
> I have never seen that yet.
>
> Android's AOSP Gerrit uses netrc to store http creds, and I have
> implemented buildbot support for it, and we didn't see the creds leaking as
> far as I remember.
>
> Regards
> Pierre
>
> On Tue, Mar 7, 2017 at 1:01 PM Drago Trusk <[email protected]> wrote:
>
>> Hi Pierre,
>>
>> oops, sorry, I'm not using .gitconfig for username/password but rather
>> .netrc (_netrc for Windows). Didn't get my coffee yet.
>>
>> My use case is that I have to interact (in a way) with a third party
>> repository, but access for SSH was not granted so I received only HTTP(S)
>> access.
>> This is why my .netrc has
>> (~/.netrc): machine <host> login <sensitive_user> password
>> <sensitive_password>
>>
>> In such situations a simple approach would be to have a list of parameters
>> that all steps can receive so that they are stripped from any
>> output/logging. I'll try to create a PoC when I come back home.
>>
>> Bye,
>> Drago
>>
>> On Tue, Mar 7, 2017 at 10:40 AM, Pierre Tardy <[email protected]> wrote:
>>
>>> Hi Drago
>>>
>>> On Tue, Mar 7, 2017 at 7:32 AM Drago Trusk <[email protected]> wrote:
>>>
>>>> Hi Pierre,
>>>>
>>>> it is understandable that people should use SSH keys, but if a third party
>>>> exposes non-SSH access then this becomes a problem.
>>>
>>> Could you be more specific on this? I'd like to understand the exact use
>>> case in order to see how we can support it the best.
>>> Since we are currently designing the secret manager
>>> <https://github.com/buildbot/buildbot/pull/2660/files>, and we need to
>>> understand the use cases in detail in order to implement it best.
>>>
>>>> Obfuscation of command (e.g. password) is nice, but if for whatever
>>>> reason this command fails and writes sensitive information into
>>>> stderr/stdout it will still be visible. Of course if the worker is on Linux
>>>> that can be piped and replaced (or through code itself).
>>>
>>> Again, I am not sure what you suggest as a solution for that?
>>>
>>>> Since I'm provisioning my workers with SSH keys anyway I have sensitive
>>>> information in gitconfig, but I just wanted to point out that use cases can
>>>> happen in situations when someone doesn't have another choice.
>>>
>>> I would be interested to see what kind of gitconfig you have, could
>>> you please publish it (obviously with the sensitive information redacted)?
>>>
>>> Regards,
>>> Pierre
_______________________________________________ users mailing list [email protected] https://lists.buildbot.net/mailman/listinfo/users
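The point Drago makes in the thread is that obfuscating the command line is not enough: a failing command can echo the credential into stdout/stderr, which the worker then ships to the log. His proposed fix is a list of secret values that every step receives and strips from any output. The block below is an added illustration of that idea, not Buildbot's code and not anything posted in the thread. It pulls the login and password out of a constructed .netrc with the standard-library netrc parser, then masks both (and their percent-encoded forms, as they appear inside a git remote URL) in a few constructed output lines. The class and function names, the `.invalid` host, and the sample lines are all assumptions made for the example.

```python
"""Strip .netrc credentials from captured build-step output.

Added example (not Buildbot's or the thread author's code). The .netrc
content, the host name and SAMPLE_OUTPUT are constructed for the demo.
"""
import netrc
import os
import re
import tempfile
from urllib.parse import quote

MASK = "<redacted>"


def write_netrc(path, machine, login, password):
    """Write a one-machine .netrc with the 0600 mode git/curl expect."""
    with open(path, "w") as fh:
        fh.write(f"machine {machine} login {login} password {password}\n")
    os.chmod(path, 0o600)


def secrets_from_netrc(path):
    """Return every login and password in a .netrc (stdlib parser).

    netrc.netrc().hosts maps machine -> (login, account, password).
    Both login and password are treated as sensitive, as in the thread.
    """
    found = []
    for _machine, (login, _account, password) in netrc.netrc(path).hosts.items():
        for value in (login, password):
            if value:
                found.append(value)
    return found


class OutputRedactor:
    """Mask a fixed list of secret values wherever they occur in text.

    Applied to the worker's captured stdout/stderr rather than only to
    the command line, so a failing command that echoes the credential
    (for example in an error message quoting the remote URL) is covered.
    """

    def __init__(self, secrets, min_length=6):
        variants = set()
        for secret in secrets:
            # Very short values would also mask ordinary words; refuse them
            # rather than silently shredding the log.
            if len(secret) < min_length:
                raise ValueError(f"secret too short to redact safely: {secret!r}")
            variants.add(secret)
            # Credentials embedded in URLs are usually percent-encoded.
            variants.add(quote(secret, safe=""))
        # Longest match first so an encoded variant is never left half-masked.
        ordered = sorted(variants, key=len, reverse=True)
        self._pattern = re.compile("|".join(re.escape(v) for v in ordered))

    def redact(self, text):
        return self._pattern.sub(MASK, text)

    def redact_lines(self, lines):
        return [self.redact(line) for line in lines]


# Constructed sample output (not real git output): a URL carrying the
# credentials, a percent-encoded variant, and a line that must survive intact.
SAMPLE_OUTPUT = [
    "fatal: unable to access 'https://build-bot-ro:p@ss/w0rd@git.example.invalid/org/repo.git/': 403",
    "trace: auth header built from p%40ss%2Fw0rd (encoded form)",
    "remote: Counting objects: 12, done.",
]


def demo():
    """Parse a constructed .netrc and redact SAMPLE_OUTPUT with its values."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "_netrc")
        write_netrc(path, "git.example.invalid", "build-bot-ro", "p@ss/w0rd")
        redactor = OutputRedactor(secrets_from_netrc(path))
    return redactor.redact_lines(SAMPLE_OUTPUT)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two caveats a practitioner would want: redaction by string match only catches values the worker was told about, so a secret that reaches the build some other way (a token fetched at runtime, a derived header) is not covered; and masking the login as well as the password is only safe when the login is long and unusual enough not to collide with ordinary log text, which is why the example refuses short values instead of guessing.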
