You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Environments can store and expose secrets to the build. It would be nice if there was a way to use environments at a more granular level so secrets are only exposed to those parts of the workflow that actually need them.
For example if I need some secrets to store credentials to a cache service to cache my dependencies, then I should only need to expose my secrets to that cache service and not the entire build.
This prevents a malicious actor from writing code in one of the project dependencies to try and capture secrets.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Environments can store and expose secrets to the build. It would be nice if there was a way to use environments at a more granular level so secrets are only exposed to those parts of the workflow that actually need them.
For example if I need some secrets to store credentials to a cache service to cache my dependencies, then I should only need to expose my secrets to that cache service and not the entire build.
This prevents a malicious actor from writing code in one of the project dependencies to try and capture secrets.
Beta Was this translation helpful? Give feedback.
All reactions