action #160334
openQA Project - coordination #105624: [saga][epic] Reconsider how openQA handles secrets
[qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests
100%
Description
Motivation
In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments".
This will not stop somebody from adding a different password though, so we need to think a bit before working on this; however, we can start with using it on the data directory first.
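The check described in the motivation, as an added example that is not part of the ticket or of the openQA code base: a shell function a CI job could call to fail when the literal from the ticket title appears under a directory. The function names, the `EXCLUDE_DIRS` variable and the `data` default are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not project code. All names below are hypothetical.
# Literal taken from the ticket title.
FORBIDDEN_LITERAL='nots3cr3t'

# is_excluded PATH
# Returns 0 if PATH lies under one of the space-separated directory
# prefixes in EXCLUDE_DIRS (assumed variable; prefixes must not contain spaces).
is_excluded() {
    for prefix in ${EXCLUDE_DIRS:-}; do
        case "$1" in
            "$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# scan_for_password [ROOT]
# Prints "file:line:text" for every hit outside the excluded directories.
# Returns 0 when clean, 1 when a hit was found, 2 when ROOT is missing
# (a missing directory must not look like a passing check).
scan_for_password() {
    root=${1:-data}
    if [ ! -d "$root" ]; then
        echo "scan_for_password: no such directory: $root" >&2
        return 2
    fi
    found=0
    # -r recurse, -l list matching files only, -F match a fixed string
    files=$(grep -rlF -e "$FORBIDDEN_LITERAL" "$root" 2>/dev/null || true)
    while IFS= read -r file; do
        [ -n "$file" ] || continue
        is_excluded "$file" && continue
        # /dev/null as a second operand forces the "file:" prefix
        grep -nF -e "$FORBIDDEN_LITERAL" "$file" /dev/null
        found=1
    done <<EOF
$files
EOF
    return "$found"
}
```

In a pipeline step this would be called as `scan_for_password data`, with the job failing on a non-zero return; it matches only this one literal, so a different hardcoded password passes unnoticed.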
Updated by szarate 6 months ago
- Related to coordination #96596: [qe-core][CI] CI/CD and Coding style improvements added
Updated by szarate 6 months ago
- Related to action #160325: [qe-core] Use templating system in autoyast profiles to use testapi::$password instead of nots3cr3t added
Updated by tinawang123 3 months ago
- Status changed from Workable to In Progress
- Assignee set to tinawang123
Updated by tinawang123 3 months ago
- Status changed from In Progress to Blocked
Need to remove passwords in the data folder first.
Blocked by ticket: https://progress.opensuse.org/issues/166439
Updated by JERiveraMoya 14 days ago
Please don't forget to provide a way to disable the check in the CI, for some specific folder for example, so testing for agama will not be stopped. At the moment there is no way to set an encrypted password in profiles; https://progress.opensuse.org/issues/168853 is work in progress: