action #166439
closedopenQA Project (public) - coordination #105624: [saga][epic] Reconsider how openQA handles secrets
action #160334: [qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests
[qe-core] Remove hardcode password on the data directory
0%
Description
Motivation
In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments"
This will not stop somebody from adding a different password though, so we need to think a bit before working on this, however we can start with using it on the data directory first.
So we need remove password on data directory first.
Updated by tinawang123 2 months ago
- Status changed from Workable to In Progress
- Assignee set to tinawang123
Updated by JERiveraMoya about 2 months ago
- Related to action #168853: Remove hardcode password for first user and the root passwords in Agama unattended jsonnet profiles added
Updated by szarate about 2 months ago
- Sprint set to QE-Core: November Sprint 24 (Nov 06 - Dec 04)
- Tags changed from qe-core-october-sprint to qe-core-october-sprint, qe-core-november-sprint
- Category set to Refactor/Code Improvements
I think this has already been merged
Updated by tinawang123 about 1 month ago
- Status changed from In Progress to Resolved
Only those files have passwords:
data/wsl/Autounattend_BIOS.xml:
data/wsl/Autounattend_UEFI.xml:
data/yam/agama/auto/leap16.json:
data/yam/agama/auto/leap16.json:
data/yam/agama/auto/leap16.sh
data/yam/agama/auto/leap16.sh
data/yam/agama/auto/default_tumbleweed.sh:
data/yam/agama/auto/default_tumbleweed.sh
data/yam/agama/auto/alp_tumbleweed.jsonnet:
data/yam/agama/auto/alp_tumbleweed.jsonnet:
data/yam/agama/auto/default_tumbleweed.json:
data/yam/agama/auto/default_tumbleweed.json:
data/yam/agama/auto/default_leap.json:
data/yam/agama/auto/default_leap.json:
data/yam/agama/auto/default_sle.json:
data/yam/agama/auto/default_sle.json:
data/yam/agama/auto/gnome_tumbleweed.json:
data/yam/agama/auto/gnome_tumbleweed.json:
data/yam/agama/auto/gnome_leap.json:
data/yam/agama/auto/gnome_leap.json:
Others have removed hardcode password. Have opened related ticket.