[QA] Keeping secrets safe on Jenkins

Dan Duvall dduvall at wikimedia.org
Fri Aug 21 19:07:33 UTC 2015


On Wed, Aug 19, 2015 at 11:34 AM, Stephen Niedzielski <
sniedzielski at wikimedia.org> wrote:
>
>   In the lack of a preexisting solution, I would like to submit a ticket.
> Are there any recommendations on how I should go about this and how to
> figure out if getting a release server is something that can even be done
> this fiscal year? It's worth mentioning that in addition to internal
> solutions, we would be open to discussing a trusted third party SaaS
> provider if that's more practical. Thanks!
>

A well-defined MVP in task form is probably the way to go, but I would
maybe have a conversation with Security first about a specific use case,
e.g. signing of production Android packages. The reason I suggest
formulating something around a single use case is that it orients us toward
implementing secure processes instead of a "secure" environment—the latter
being somewhere where we have a (likely false) sense of security when
setting up any number of automated processes. Does that make sense?

-- 
Dan Duvall
Automation Engineer
Wikimedia Foundation <http://wikimediafoundation.org>