This repository was archived by the owner on Nov 11, 2019. It is now read-only.
This repository was archived by the owner on Nov 11, 2019. It is now read-only.
all: remove any sensitive tokens from the master secret, which is meant to be semi-public #1550
Description
Currently in https://tools.taskcluster.net/secrets/repo%3Agithub.com%2Fmozilla-releng%2Fservices%3Abranch%3Amaster we have a lot of sensitive information.
However, that secret is meant to be shareable. Let's audit it, and remove any sensitive credentials.
Here is the ones I see as being potentially problematic:
-
common: CACHE_ACCESS_KEY_ID -
common: CACHE_SECRET_ACCESS_KEY -
common: DOCKER_PASSWORD -
common: CODECOV_ACCESS_TOKEN -
common: BUGZILLA_TOKEN -
common: PULSE_USER -
common: PULSE_PASSWORD -
common: TASKCLUSTER_CLIENT_ID -
common: TASKCLUSTER_ACCESS_TOKEN -
common: NIX_CACHE_SECRET_KEYS -
releng-tooltool: S3_REGIONS_ACCESS_KEY_ID -
releng-tooltool: S3_REGIONS_SECRET_ACCESS_KEY -
releng-treestatus: AUTH_CLIENT_ID -
releng-treestatus: AUTH_CLIENT_SECRET -
uplift/backend: AUTH_CLIENT_ID -
uplift/backend: AUTH_CLIENT_SECRET -
static-analysis-bot: DATADOG_API_KEY -
static-analysis-bot: PHABRICATOR: api_key(staging) -
pulselistener: PULSE_USER -
pulselistener: PULSE_PASSWORD -
pulselistener: HOOKS: phabricator_token(staging) -
shipit-api: AUTH_CLIENT_ID -
shipit-api: AUTH_CLIENT_SECRET -
shipit-api: GITHUB_TOKEN