Implement AZP_IGNORE_SECRETS_SHORTER_THAN knob #4073
…-agent into users/KonstantinTyukalov/Implement_min_secrets_len_knob
….VisualStudio.Services.Agent.csproj
…' of https://github.com/microsoft/azure-pipelines-agent into users/KonstantinTyukalov/Implement_min_secrets_len_knob
…-agent into users/KonstantinTyukalov/Implement_min_secrets_len_knob
…-agent into users/KonstantinTyukalov/Implement_min_secrets_len_knob
…' of github.com:microsoft/azure-pipelines-agent into users/KonstantinTyukalov/Implement_min_secrets_len_knob
…s package version 0.1.0-20220517.1.1 contains pdb and application doesn't run without it
…-agent into users/KonstantinTyukalov/Implement_min_secrets_len_knob
@KonstantinTyukalov please be sure that the solution is not going to be worse than the original problem. Nobody asked for secrets to be unmasked - that is worse than the problem reported where we can guess the secret values. What if I made a build pipeline that used secrets I am not supposed to know and set the knob to 1000? I'm going to see all of the things I'm not supposed to see. Also make sure it's a feasible and reasonable suggestion. This proposal will require my org to put a variable into like 4K build pipelines. We should have to do nothing and change nothing - no knobulation should be required to have secrets masked appropriately. It just needs to work properly. I know this is not an easy ask but it's possible and there really are no shortcuts that are OK when it comes to security and diagnostics. I don't normally comment on another org's PRs but it doesn't look like you are incorporating what is said in the issue thread or the dev comm issues into these solutions, and any potential reviewer needs to understand that.
@kirill-ivlev please take note of the comment above. This does not solve the problem and actually makes the problem worse.
@StingyJack
This reverts commit 4debafc.
Description: Implemented an agent knob which allows skipping short secrets by setting the min secret length of each secret.
Changelog:
AZP_IGNORE_SECRETS_SHORTER_THAN knob
.pdb files from build
Added unit tests:
Attached related issue:
Previous PR - #3962
Checklist:
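
The trade-off raised in the review comments, shown as an added example that is not the agent's code or part of this PR: a minimal log masker with a minimum-length threshold standing in for AZP_IGNORE_SECRETS_SHORTER_THAN, plus an audit helper that lists which secret names a given threshold leaves unmasked. The function names, the `ignore_shorter_than` parameter and the sample secrets are assumptions constructed for illustration.

```python
import re

MASK = "***"


def mask(line, secrets, ignore_shorter_than=0):
    """Replace registered secret values in a log line with MASK.

    Secrets shorter than ignore_shorter_than are skipped, which models
    the knob described in this PR (assumed semantics, not the agent's code).
    """
    active = [v for v in secrets.values() if v and len(v) >= ignore_shorter_than]
    if not active:
        return line
    # Longest first, so a secret that contains a shorter one is masked whole.
    active.sort(key=len, reverse=True)
    pattern = "|".join(re.escape(v) for v in active)
    return re.sub(pattern, MASK, line)


def unmasked_names(secrets, ignore_shorter_than):
    """Names (never values) of secrets the threshold would leave in clear text."""
    return sorted(n for n, v in secrets.items() if len(v) < ignore_shorter_than)


# Constructed sample data, not taken from any real pipeline.
SECRETS = {
    "ENV_FLAG": "on",
    "DB_PASSWORD": "c0nstructed-Passw0rd",
    "API_TOKEN": "tok_constructed_0123456789",
}
LOG = "connection on port 5432 with c0nstructed-Passw0rd and tok_constructed_0123456789"

if __name__ == "__main__":
    for threshold in (0, 3, 1000):
        print(threshold, "->", mask(LOG, SECRETS, threshold))
        print("   left unmasked:", unmasked_names(SECRETS, threshold))
```

With no threshold the two-character secret is masked inside ordinary words, a threshold of 3 skips only that secret, and a threshold of 1000 leaves every secret in the log, which is the case the reviewer describes.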