Project

General

Profile

action #104751

Updated by okurz over 2 years ago

## Motivation 

 We already don't write any variable with "_SECRET_" in the name to vars.json for security reasons. Within os-autoinst we have some security relevant data, e.g. passwords that we should likely treat the same. 

 Acceptance criteria 
 * **AC1:** Remote backend passwords don't appear in vars.json by default 

 ## Suggestions 
 * Call `git grep '_SECRET_'` to find all current handling of _SECRET_ variables 
 * Extend that to also look for `_PASSWORD` 
 * Ensure that the values for the backend passwords don't show up in vars.json, e.g. no IPMI_PASSWORD entry as in https://openqa.nue.suse.com/tests/7924361/file/vars.json 
 * Consider what happens when cloning such jobs. Do they fail because the password is missing?

Back