Web lists-archives.com

Re: Salsa token and privacy

Hi Frederic,

We've been dealing with the same problem even on salsa pipelines. CI
tokens are not allowed to push[1], so you must use your own token for
that purpose.

[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/18106

On 06/08/18 14:05, PICCA Frederic-Emmanuel wrote:
> Hello,
> I was using a nitrokey pro + gpg-agent in order to  connect via ssh to the debian infrastructure.
> Now that we have salsa, it seems that the way to go is to use salsa token in order to automake a bunch of tasks.
> So now I need to put somewhere on a disk my salsa token, in fact on every computer where I want to use this token.
> And it means a lot.
> I would like to have something like the previous setup where all my private information are stores on the nitrokey.
> do you know if the salsa api (in fact gitlab api) can be access more securely than via a token which is copied multiple times  everywhere.
> and if not how are you dealing with this ?
> Frederic
> PS: Nothing polemic here please, I have just this concern about the token privacy.

- ina

Attachment: signature.asc
Description: OpenPGP digital signature