Any security guarantee? #276
Labels
question
Further information is requested
Comments
|
Same question, are there any guarantees preventing potential unauthorized modifications being made to this repository? |
|
Asked myself the same question recently. One option to mitigate the risk is, switching to self-hosted runners from Github. Setup an SSH-Key on your self hosted runner and add it to the known_hosts on your server. Hereby you can avoid storing the private-key outside of the machine. See https://stackoverflow.com/a/72983036 . |
|
Source Code here: https://github.com/appleboy/drone-ssh and Images: https://github.com/appleboy/drone-ssh/pkgs/container/drone-ssh |
|
build docker image from here: Line 1 in 4330a1e |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I have tested the tool and it is working fine.
I am wondering if there is an guarantee that my credentials won't be leaked. Of course keys are stored as Github secrets, but your code has access to the secrets and could possibly log them somewhere. I am probably not the first one with this concern, but I didn't find any information about such a risk.
Thanks!
The text was updated successfully, but these errors were encountered: