In large companies, it's dangerous to let everyone with repo write permissions SSH into the machine and run printenv. Also, even after hiding "Rebuild with SSH", how do we prevent people from creating their own SSH connection by editing the CircleCI config 🤔
Lots of people have discussed this critical issue, so why doesn't CircleCI care about this?
Big security issue for such a long time, why hasn't it been fixed?
This seems like something we should be able to do: enable/disable access for a user role/group to SSH into a job. We don't want users to be able to just print all env variables.
This feature idea always comes up in our internal security discussions. As of now, too many people can SSH into our jobs and just "$ echo" all the secrets.
No, read-only users can't trigger jobs, including SSH. This feature would restrict this to only admins and owners, instead of the current behavior of all users with write or push access to the repo.
How is this not already a thing? In GitHub, we have users with read-only permissions, but either of these users can now access credentials and write to production?????