On Thu, Jul 19, 2018 at 5:35 PM, Paul Belanger <pabelanger@redhat.com> wrote:

On Thu, Jul 19, 2018 at 09:21:11AM +0200, Haïkel Guémar wrote:
> On 18/07/18 22:24, Paul Belanger wrote:
> > Greetings,
> >
> > With recent Jenkins security advisory today, I realized we just imported the
> > current secrets from jenkins into zuulv3. I'd like to propose, just to be extra
> > safe, we preform a re-key of everything that uses secrets.
> >
> > I'm not sure if this has every been done with jenkins, but we should also
> > consider some policy to re-key everything ever x months too.
> >
> > Thoughts?
> > _______________________________________________
> > dev mailing list
> > dev@lists.rdoproject.org
> > http://lists.rdoproject.org/mailman/listinfo/dev
> >
> > To unsubscribe: dev-unsubscribe@lists.rdoproject.org
> >
>
> The current CBS credentials for RDO have never been into Jenkins.
>
Thanks, the SSH key for images.r.o is also safe, we've rotated that. What about
about things needed for weirdo and other secrets? Who would know more about
them.

I can help on that. That secret is an api token that can only be used to trigger builds of some specific jobs in ci.centos.org.

- Paul
_______________________________________________
dev mailing list
dev@lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev

To unsubscribe: dev-unsubscribe@lists.rdoproject.org