action #166439
closedopenQA Project - coordination #105624: [saga][epic] Reconsider how openQA handles secrets
action #160334: [qe-core] Add CI/CD check to avoid uses of nots3cr3t or other hardcoded password in pull requests
[qe-core] Remove hardcode password on the data directory
0%
Description
Motivation
In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments"
This will not stop somebody from adding a different password though, so we need to think a bit before working on this, however we can start with using it on the data directory first.
So we need remove password on data directory first.
Updated by szarate about 1 month ago
- Tags set to qe-core-october-sprint
- Status changed from New to Workable
Updated by tinawang123 about 1 month ago
- Status changed from Workable to In Progress
- Assignee set to tinawang123
Updated by JERiveraMoya 27 days ago
- Related to action #168853: Remove hardcode password at json file on the data directory added
Updated by tinawang123 22 days ago
Updated by tinawang123 8 days ago
- Status changed from In Progress to Resolved
Only those files have passwords:
data/wsl/Autounattend_BIOS.xml:
data/wsl/Autounattend_UEFI.xml:
data/yam/agama/auto/leap16.json:
data/yam/agama/auto/leap16.json:
data/yam/agama/auto/leap16.sh
data/yam/agama/auto/leap16.sh
data/yam/agama/auto/default_tumbleweed.sh:
data/yam/agama/auto/default_tumbleweed.sh
data/yam/agama/auto/alp_tumbleweed.jsonnet:
data/yam/agama/auto/alp_tumbleweed.jsonnet:
data/yam/agama/auto/default_tumbleweed.json:
data/yam/agama/auto/default_tumbleweed.json:
data/yam/agama/auto/default_leap.json:
data/yam/agama/auto/default_leap.json:
data/yam/agama/auto/default_sle.json:
data/yam/agama/auto/default_sle.json:
data/yam/agama/auto/gnome_tumbleweed.json:
data/yam/agama/auto/gnome_tumbleweed.json:
data/yam/agama/auto/gnome_leap.json:
data/yam/agama/auto/gnome_leap.json:
Others have removed hardcode password. Have opened related ticket.