• Chamomile 🐑@furry.engineer
    link
    fedilink
    arrow-up
    6
    ·
    5 months ago

    @kid TL;DR: If you have a secret variable in your CI/CD pipeline and it’s written to a file that subsequently gets artifacted, anyone who can access that artifact can also read your secret variable.

    Feels like a “no shit” moment but I guess I can see how someone could make this mistake in a more complicated setup than the example in the blog.