Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets
Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets
cloud.google.com
Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets | Google Cloud Blog
1 comments
-
@kid TL;DR: If you have a secret variable in your CI/CD pipeline and it's written to a file that subsequently gets artifacted, anyone who can access that artifact can also read your secret variable.
Feels like a "no shit" moment but I guess I can see how someone could make this mistake in a more complicated setup than the example in the blog.