bitrise-workflow-editor icon indicating copy to clipboard operation
bitrise-workflow-editor copied to clipboard

Published 20 hours ago verified publisher icon bitrise-io

It's possible to view passwords from protected certificated

Open guitcastro opened this issue 7 years ago • 5 comments

As showed in the screenshot above, if I click in the eye icon I am able to see the password of a protected certificated.

guitcastro avatar Sep 05 '18 18:09 guitcastro

Hi there!

As mentioned on Slack, this is intended. But it does raise a question about consistency regarding how secrets are protected, so thanks for bringing this to our attention!

bitce avatar Sep 07 '18 08:09 bitce

Understood (although I think make more sense to keep it private). I'm trying using generic file storage as a workaround, but I cannot use the Download URL from the generic file storage because it's not a secret (even if is protected).

Do you have another suggestion? I am out of options here, This project I am working on is very sensitive, I cannot expose sensitive information.

guitcastro avatar Sep 11 '18 19:09 guitcastro

I agree that you do have a point here. Well, there isn't anything I could recommend Viktor haven't already did on Slack 🙂How did editing the .yml directly go?

bitce avatar Sep 12 '18 10:09 bitce

Sorry, I forgot do give the feedback to you. It worked! Thanks for the help.

guitcastro avatar Sep 12 '18 15:09 guitcastro

Awesome, great news! No worries, sure thing, ping us anytime! 😉

bitce avatar Sep 12 '18 15:09 bitce