-
-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Any security guarantee? #276
Comments
Same question, are there any guarantees preventing potential unauthorized modifications being made to this repository? |
Asked myself the same question recently. One option to mitigate the risk is, switching to self-hosted runners from Github. Setup an SSH-Key on your self hosted runner and add it to the known_hosts on your server. Hereby you can avoid storing the private-key outside of the machine. See https://stackoverflow.com/a/72983036 . |
Source Code here: https://github.com/appleboy/drone-ssh and Images: https://github.com/appleboy/drone-ssh/pkgs/container/drone-ssh |
build docker image from here: Line 1 in 4330a1e
|
We do not retain any credentials information. Once used, the Container is removed. |
Hi,
I have tested the tool and it is working fine.
I am wondering if there is an guarantee that my credentials won't be leaked. Of course keys are stored as Github secrets, but your code has access to the secrets and could possibly log them somewhere. I am probably not the first one with this concern, but I didn't find any information about such a risk.
Thanks!
The text was updated successfully, but these errors were encountered: