Project

General

Profile

Actions

action #160334

closed

openQA Project (public) - coordination #105624: [saga][epic] Reconsider how openQA handles secrets

[qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests

Added by szarate 9 months ago. Updated about 15 hours ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Start date:
2024-09-06
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Difficulty:
Sprint:
QE-Core: February Sprint 25 (Feb 03 - Feb 28)

Description

Motivation

In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments"

This will not stop somebody from adding a different password though, so we need to think a bit before working on this, however we can start with using it on the data directory first.


Subtasks 1 (0 open1 closed)

action #166439: [qe-core] Remove hardcode password on the data directoryResolvedtinawang1232024-09-06

Actions

Related issues 3 (2 open1 closed)

Related to openQA Tests (public) - coordination #96596: [qe-core][CI] CI/CD and Coding style improvementsFeedbackmgrifalconi2019-12-11

Actions
Related to openQA Tests (public) - action #160325: [qe-core] Use templating system in autoyast profiles to use testapi::$password instead of nots3cr3tResolvedrfan12024-05-14

Actions
Related to openQA Tests (public) - action #173938: Remove hardcode password for wsl/Autounattend_BIOS.xml and wsl/Autounattend_UEFI.xmlNewpherranz2024-12-09

Actions
Actions

Also available in: Atom PDF