[rdo-dev] Regenerate secrets required by zuul jobs
Paul Belanger
pabelanger at redhat.com
Thu Jul 19 15:35:31 UTC 2018
On Thu, Jul 19, 2018 at 09:21:11AM +0200, Haïkel Guémar wrote:
> On 18/07/18 22:24, Paul Belanger wrote:
> > Greetings,
> >
> > With recent Jenkins security advisory today, I realized we just imported the
> > current secrets from jenkins into zuulv3. I'd like to propose, just to be extra
> > safe, we preform a re-key of everything that uses secrets.
> >
> > I'm not sure if this has every been done with jenkins, but we should also
> > consider some policy to re-key everything ever x months too.
> >
> > Thoughts?
> > _______________________________________________
> > dev mailing list
> > dev at lists.rdoproject.org
> > http://lists.rdoproject.org/mailman/listinfo/dev
> >
> > To unsubscribe: dev-unsubscribe at lists.rdoproject.org
> >
>
> The current CBS credentials for RDO have never been into Jenkins.
>
Thanks, the SSH key for images.r.o is also safe, we've rotated that. What about
about things needed for weirdo and other secrets? Who would know more about
them.
- Paul
More information about the dev
mailing list