[英]Storing Secrets as cloud build environment variables
The recommended way of using secrets during builds on Cloud Build is by loading them in from Secret Manager.在 Cloud Build 上构建期间使用密钥的推荐方法是从 Secret Manager 中加载它们。 What would be the dangers of saving them as environment variables on the build trigger?将它们保存为构建触发器上的环境变量会有什么危险?
Anyone with project viewer or higher permissions will be able to see them.具有项目查看者或更高权限的任何人都可以查看它们。 Anyone who can invoke your build can easily print them out in build logs.任何可以调用您的构建的人都可以轻松地将它们打印到构建日志中。 There's no auditing or logging when a secret is accessed or by who.当秘密被访问或由谁访问时,没有审计或日志记录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.