About encoded private keys and pull requests

me's Avatar


04 Nov, 2015 05:30 PM

I read this in the documentation:

However, secure variables are not decoded during Pull Request builds which prevents someone from submitting PR with malicious build script displaying those variables. In more controlled environment through with a trusted team and private GitHub repositories there is an option on General tab of project settings to allow secure variables for PRs.

and was wondering if there could be a way to for example check the committer name to see if it's on a white-list ? At least for the repo owner that would be great.

Best regards!

  1. Support Staff 1 Posted by Feodor Fitsner on 04 Nov, 2015 09:56 PM

    Feodor Fitsner's Avatar

    Is it for public repo?

  2. 2 Posted by me on 05 Nov, 2015 12:33 AM

    me's Avatar


  3. Support Staff 3 Posted by Feodor Fitsner on 05 Nov, 2015 02:18 AM

    Feodor Fitsner's Avatar

    Agree, this might be a good feature - feel free to submit a new issue here: https://github.com/appveyor/ci/issues

  4. 4 Posted by me on 05 Nov, 2015 03:53 AM

    me's Avatar
  5. me closed this discussion on 05 Nov, 2015 03:53 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac