action #160325

closed

openQA Project - coordination #105624: [saga][epic] Reconsider how openQA handles secrets

openQA Project - coordination #157537: [epic] Secure setup of openQA test machines with secure network+secure authentication

[qe-core] Use templating system in autoyast profiles to use testapi::$password instead of nots3cr3t

Added by szarate 2 months ago. Updated 9 days ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Infrastructure
Target version:
Start date: 2024-05-14
Due date:
% Done: 0%
Estimated time:
Difficulty:
Sprint: QE-Core: May Sprint 24 (May 07 - Jun 04)

Description

Motivation

In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments".

Goals

  • G1: Autoyast profiles in os-autoinst-distri-opensuse/data use variables instead of the nots3cr3t password

Suggestions

In theory, this should be fairly straightforward; however, there are cases where the password is already hashed (i.e., slepos) where we might need to contact people from other areas.

In the end, this should support the autoyast part of #157555.


Related issues 2 (1 open, 1 closed)

Related to openQA Tests - action #160334: [qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests (Workable, 2024-05-14)

Copied from openQA Tests - action #157555: [spike][timeboxed:10h][qe-core] Use a different ssh root password for any svirt (s390, x86, etc) installation openQA jobs size:S (Rejected, okurz)
