Securing Deployment/Environment Parameters
Hi,
Can anyone advise on what are good approaches at securing the parameter values from potential hack/compromise of AppVeyor's infrastructure?
Perhaps someone has success using parameter encryption or direct retrieval of configuration from a trusted source?
any suggestions would be appreciated!
Anatolii
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
1 Posted by Ilya Finkelshte... on 24 Mar, 2017 08:15 PM
Hi Anatolii,
Most probable secure variables are good fit for you.
Also look at file encryption here for cases like say certificate files stored in repo.
Ilya.
2 Posted by anatoliib on 27 Mar, 2017 05:39 PM
Ilya,
thank you for reply,
do you know if the (a) or (b) methods or both are such that AppVeyor's infrastructure (except for the agent running on deployment host) does not have any access to the underlying variable content ?
Anatolii
3 Posted by Ilya Finkelshte... on 27 Mar, 2017 06:46 PM
Hi Anatolii,
Both methods are based on secure variables and yes, AppVeyor's infrastructure has access to their value. What happens is it the moment when build is being scheduled, AppVeyor's infrastructure servers decrypts their value and sends to build workers as part for build job context (over SSL channel).
Ilya.
4 Posted by andrew on 01 Jun, 2017 02:23 PM
We make heavy use of secure environment variables, I think it would be helpful if these could not be allowed to be decrypted by the UI itself, currently it is possible to decrypt them on the fly and that has lead to reduced confidence that these are actually secure enough.
Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:17 AM.