rsHRF icon indicating copy to clipboard operation
rsHRF copied to clipboard

Published 20 hours ago verified publisher icon bids-apps

[BUG] Compromised credentials

Open effigies opened this issue 1 year ago • 3 comments

What version of the bids app were you using?

No response

Describe your problem in detail.

CircleCI has alerted everyone to cycle credentials stored in their environment variables: https://circleci.com/blog/january-4-2023-security-alert/

A PYPI_PASSWORD environment variable was set in CircleCI (I have deleted it). I believe this belongs to @AmoghJohri and needs to be changed immediately. In the future, we should use tokens, and this can be done by setting TWINE_USER to __token__ and TWINE_PASSWORD to a token that is scoped to this one package only. The twine tool will automatically pick these up.

See https://pypi.org/help/#apitoken for additional guidance.

What command did you run?

No response

Describe what you expected.

No response

effigies avatar Jan 06 '23 14:01 effigies