Sensitive files potentially included in CI debug artifacts #949
Description
Current Behavior
The fcli action run ci action creates an FoD or SSC session and destroys it after use, and during execution, additional sessions may be created (for example for Aviator). Session creation involves creating session files, which could potentially be exposed through CI debug artifacts. Although the risk is very low, as these sessions files are usually cleaned up (including through shutdown hooks), we should avoid any sensitive files being created during ci action execution to be useable to gain access to systems if exposed through debug artifacts.
Expected Behavior
No response
Steps To Reproduce
No response
Environment
Anything else?
Users can already declare a custom encryption key through the FCLI_ENCRYPT_KEY environment variable, but this is not documented in our CI integration documentation and even if it was, users will probably ignore it. Given that any sensitive files created during action execution should only be accessible during that same action execution, plan is to introduce a new action configuration property to indicate that any sensitive files created during action execution should only be accessible during that action execution. If this setting is enabled, we'll use a random, ephemeral encryption key that's only valid during action execution.