Hi,

On Fri, Apr 14, 2023 at 09:37:05AM +0200, Leon Woestenberg wrote:
> On Fri, Apr 14, 2023 at 9:24 AM Mikko Rapeli <[email protected]>
> wrote:
>
> >
> > The environment variables and thus secrets are easily leaking into build
> > logs so I would not use them.
> >
> > Instead, I would use .netrc for git and anything using curl (http
> > fetcher). subversion caches passwords into ~/.subversion directory once
> > the password has been given once.
> >
> > In CI, these can be deployed automatically using ansible etc and
> > developers should setup these for their own machines.
> >
> > Hope this helps,
> >
>
> I think this is wrong advice, we switched away from this years ago as with
> docker and CI/CD, as the security implications are easily exposable.
> There is not enough info in OP and I persist this is off-topic here, so no
> answer can be good. See:
>
> docker secret
>
> https://blog.gitguardian.com/how-to-handle-secrets-in-docker/

Yes, with docker this is much better. Without docker, options may be more
limited and also depend heavily on IT infrastructure, which in real life has
meant .netrc for me. This is by no means secure or even best practice but just
works. ssh keys are much better, if that is an option.

Cheers,

-Mikko
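Added example, not part of the thread: a small Python audit covering the two risks raised above, a .netrc file readable by other users and a stored password showing up in a build log. The host, login, password and log lines are constructed sample data, and the function names are assumptions of this example.

```python
import netrc
import os
import stat
import tempfile


def netrc_mode_problems(path):
    """Return findings if the file is accessible by group or other users."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} exposes credentials, expected 0600"]
    return []


def leaked_secrets(netrc_path, log_text):
    """Return (host, line_number) pairs where a .netrc password appears in a log."""
    hits = []
    hosts = netrc.netrc(netrc_path).hosts
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for host, (_login, _account, password) in hosts.items():
            if password and password in line:
                hits.append((host, lineno))
    return hits


def demo():
    # Constructed sample data: host, login and password are made up.
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "netrc")
    with open(path, "w") as fh:
        fh.write("machine git.example.com login builder password s3cr3t-Constructed\n")
    os.chmod(path, 0o644)          # world-readable: should be flagged
    loose = netrc_mode_problems(path)
    os.chmod(path, 0o600)          # owner-only: should pass
    tight = netrc_mode_problems(path)
    # Constructed build log: line 2 is an environment dump echoing the secret.
    log = (
        "NOTE: Fetching sources\n"
        "+ env: GIT_PASSWORD=s3cr3t-Constructed\n"
        "NOTE: Tasks Summary: all succeeded\n"
    )
    return loose, tight, leaked_secrets(path, log)


if __name__ == "__main__":
    print(demo())
```

Pointing `leaked_secrets` at archived CI logs after each build gives an early signal that a credential needs rotating.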
