action #104751
Updated by okurz over 2 years ago
## Motivation
We already don't write any variable with "_SECRET_" in the name to vars.json for security reasons. Within os-autoinst we have some security relevant data, e.g. passwords that we should likely treat the same.
Acceptance criteria
* **AC1:** Remote backend passwords don't appear in vars.json by default
## Suggestions
* Call `git grep '_SECRET_'` to find all current handling of _SECRET_ variables
* Extend that to also look for `_PASSWORD`
* Ensure that the values for the backend passwords don't show up in vars.json, e.g. no IPMI_PASSWORD entry as in https://openqa.nue.suse.com/tests/7924361/file/vars.json
* Consider what happens when cloning such jobs. Do they fail because the password is missing?