3
14
Fork
You've already forked yojo
5

Allow enabling secrets #13

Closed
opened 2025年12月28日 11:54:17 +01:00 by emersion · 5 comments

Created by emersion on 2023年12月19日 16:10:49

Optionally, handle sr.ht tokens with the SECRETS:RO scope. Need to be careful not to leak secrets to third parties.

_Created by [emersion](https://todo.sr.ht/~emersion) on 2023年12月19日 16:10:49_ Optionally, handle sr.ht tokens with the SECRETS:RO scope. Need to be careful not to leak secrets to third parties.
Author
Owner
Copy link

Created by sircmpwn on 2024年03月24日 22:23:22

Could use this one for pushes (and not pull requests).

_Created by [sircmpwn](https://todo.sr.ht/~sircmpwn) on 2024年03月24日 22:23:22_ Could use this one for pushes (and not pull requests).
Author
Owner
Copy link

Created by emersion on 2024年03月25日 18:00:33

(Ah, and of course turning on secrets will grant access to any of your secrets to the Forgejo instance administrators as well.)

_Created by [emersion](https://todo.sr.ht/~emersion) on 2024年03月25日 18:00:33_ (Ah, and of course turning on secrets will grant access to any of your secrets to the Forgejo instance administrators as well.)
Author
Owner
Copy link

Created by emersion on 2024年03月25日 17:58:43

This is a bit tricky security-wise because turning on secrets for pushes will grant access to all of your secrets to anyone with access to the repository.

In hottub we only allow secrets if the owner of the repository has submitted the build. A more general solution would need a UI to allow a fixed list of secrets per repo, likely (but will still have security issues for many use-cases: SSH deploy keys and tokens with write access to more than just the specific project would be insecure, for instance).

_Created by [emersion](https://todo.sr.ht/~emersion) on 2024年03月25日 17:58:43_ This is a bit tricky security-wise because turning on secrets for pushes will grant access to all of your secrets to anyone with access to the repository. In hottub we only allow secrets if the owner of the repository has submitted the build. A more general solution would need a UI to allow a fixed list of secrets per repo, likely (but will still have security issues for many use-cases: SSH deploy keys and tokens with write access to more than just the specific project would be insecure, for instance).
Author
Owner
Copy link

Created by sircmpwn on 2024年03月26日 09:01:55

Fixed list of secrets per repo would make sense. Another option which could be more secure is to tell yojo that build manifest changes have to be approved by (or pushed by) an admin before they apply, then it keeps a hash of the build manifest in the database for reference.

_Created by [sircmpwn](https://todo.sr.ht/~sircmpwn) on 2024年03月26日 09:01:55_ Fixed list of secrets per repo would make sense. Another option which could be more secure is to tell yojo that build manifest changes have to be approved by (or pushed by) an admin before they apply, then it keeps a hash of the build manifest in the database for reference.
Author
Owner
Copy link

Created by emersion on 2024年10月11日 16:30:11

_Created by [emersion](https://todo.sr.ht/~emersion) on 2024年10月11日 16:30:11_
Sign in to join this conversation.
No Branch/Tag specified
master
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
emersion/yojo#13
Reference in a new issue
emersion/yojo
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?