agent icon indicating copy to clipboard operation
agent copied to clipboard
verified publisher icon buildkite

Disallow uploading pipelines containing interpolated secrets by default

Open moskyb opened this issue 3 years ago • 2 comments

Further to #1589, pipeline secret redaction should become default in Agent v4.

This PR makes it so that default behaviour is to disallow pipeline uploads containing interpolations of potentially secret environment variables. We add flag to buildkite-agent pipeline upload to allow uploading pipelines with these secrets, but note in the CLI help and the log output that this behaviour is insecure.

We won't merge this until we release Agent v4

moskyb avatar Mar 23 '22 21:03 moskyb

pipeline secret redaction should become default in Agent v4.

I don't know if this issue is complete, but there's an historical attempt to list the breaking changes we're saving for v4 over in #1391

yob avatar Mar 23 '22 21:03 yob

@yob already in there :)

moskyb avatar Mar 23 '22 21:03 moskyb