[GH-ISSUE #2] Never store your GCP auth token in a file! This is insecure!!!! #3

Closed
opened 2026-03-23 20:34:38 +00:00 by mirror · 3 comments

Originally created by @pjlammertyn on GitHub (Jun 20, 2024).
Original GitHub issue: https://github.com/RADar-AZDelta/azd-radar-data-keunFirebase/issues/2

Originally assigned to: @BostoenToby on GitHub.

https://github.com/RADar-AZDelta/azd-radar-dev-keun/blob/6b23bde84e6a73e1e7c42466ec9ce1f18695f8b8/docker-build.sh#L2

mirror closed this issue and added the security label 2026-03-23 20:34:38 +00:00

@BostoenToby commented on GitHub (Jun 20, 2024):

This is just to pass to the Dockerfile to be able to have access to the Artifact Registry (private NPM repo). This file isn't stored in Git or anywhere else, so why is this insecure?


@pjlammertyn commented on GitHub (Jun 20, 2024):

Because by default, your files are group or even world readable.
So storing tokens in a file is an anti-pattern. Because nobody checks the read access, and nobody shreds them if they are no longer needed.


@BostoenToby commented on GitHub (Jun 20, 2024):

Understandable, in the latest commit it's stored in a variable in the script and directly used in the docker build command.
Thanks for the feedback!
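
The file-permission point raised in this thread, as an added shell example that is not part of the original issue or the project's code: it shows how a plain redirect under a umask of 022 leaves a token file group- and world-readable, how to create it owner-only instead, and how to audit a directory for exposed files. The token string, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Token value and file names are constructed placeholders.

# List regular files under $1 that group or others can read.
# Uses only POSIX find tests, so it works with GNU and BSD find.
audit_readable() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Write stdin to $1 the way `> file` behaves under a umask of 022:
# the file is created with mode 0644 (readable by group and others).
write_default() {
    ( umask 022; cat > "$1" )
}

# Write stdin to $1 with owner-only access from the moment it exists.
# An existing file keeps its old mode on a redirect, so remove it first
# instead of relying on a later chmod.
write_private() {
    ( umask 077; rm -f -- "$1"; cat > "$1" )
}

# Create one file each way in a scratch directory, print the exposed ones,
# then delete the scratch directory so no token file is left behind.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'CONSTRUCTED-NOT-A-REAL-TOKEN' | write_default "$dir/token-default.txt"
    printf '%s\n' 'CONSTRUCTED-NOT-A-REAL-TOKEN' | write_private "$dir/token-private.txt"
    audit_readable "$dir"
    rm -rf -- "$dir"
}

demo
```

Only `token-default.txt` is reported by the audit; the owner-only file is not.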
