• Chamomile 🐑
    link
    fedilink
    625 days ago

    @kid TL;DR: If you have a secret variable in your CI/CD pipeline and it’s written to a file that subsequently gets artifacted, anyone who can access that artifact can also read your secret variable.

    Feels like a “no shit” moment but I guess I can see how someone could make this mistake in a more complicated setup than the example in the blog.