Currently in https://tools.taskcluster.net/secrets/repo%3Agithub.com%2Fmozilla-releng%2Fservices%3Abranch%3Amaster we have a lot of sensitive information. However, that secret is meant to be shareable. Let's audit it, and remove any sensitive credentials. Here is the ones I see as being potentially problematic: - [ ] `common: CACHE_ACCESS_KEY_ID` - [ ] `common: CACHE_SECRET_ACCESS_KEY` - [ ] `common: DOCKER_PASSWORD` - [x] `common: CODECOV_ACCESS_TOKEN` - [x] `common: BUGZILLA_TOKEN` - [ ] `common: PULSE_USER` - [ ] `common: PULSE_PASSWORD` - [x] `common: TASKCLUSTER_CLIENT_ID` - [x] `common: TASKCLUSTER_ACCESS_TOKEN` - [ ] `common: NIX_CACHE_SECRET_KEYS` - [ ] `releng-tooltool: S3_REGIONS_ACCESS_KEY_ID` - [ ] `releng-tooltool: S3_REGIONS_SECRET_ACCESS_KEY` - [ ] `releng-treestatus: AUTH_CLIENT_ID` - [ ] `releng-treestatus: AUTH_CLIENT_SECRET` - [x] `uplift/backend: AUTH_CLIENT_ID` - [x] `uplift/backend: AUTH_CLIENT_SECRET` - [x] `static-analysis-bot: DATADOG_API_KEY` - [x] `static-analysis-bot: PHABRICATOR: api_key` (staging) - [x] `pulselistener: PULSE_USER` - [x] `pulselistener: PULSE_PASSWORD` - [x] `pulselistener: HOOKS: phabricator_token` (staging) - [ ] `shipit-api: AUTH_CLIENT_ID` - [ ] `shipit-api: AUTH_CLIENT_SECRET` - [ ] `shipit-api: GITHUB_TOKEN`
Currently in https://tools.taskcluster.net/secrets/repo%3Agithub.com%2Fmozilla-releng%2Fservices%3Abranch%3Amaster we have a lot of sensitive information.
However, that secret is meant to be shareable. Let's audit it, and remove any sensitive credentials.
Here is the ones I see as being potentially problematic:
common: CACHE_ACCESS_KEY_IDcommon: CACHE_SECRET_ACCESS_KEYcommon: DOCKER_PASSWORDcommon: CODECOV_ACCESS_TOKENcommon: BUGZILLA_TOKENcommon: PULSE_USERcommon: PULSE_PASSWORDcommon: TASKCLUSTER_CLIENT_IDcommon: TASKCLUSTER_ACCESS_TOKENcommon: NIX_CACHE_SECRET_KEYSreleng-tooltool: S3_REGIONS_ACCESS_KEY_IDreleng-tooltool: S3_REGIONS_SECRET_ACCESS_KEYreleng-treestatus: AUTH_CLIENT_IDreleng-treestatus: AUTH_CLIENT_SECRETuplift/backend: AUTH_CLIENT_IDuplift/backend: AUTH_CLIENT_SECRETstatic-analysis-bot: DATADOG_API_KEYstatic-analysis-bot: PHABRICATOR: api_key(staging)pulselistener: PULSE_USERpulselistener: PULSE_PASSWORDpulselistener: HOOKS: phabricator_token(staging)shipit-api: AUTH_CLIENT_IDshipit-api: AUTH_CLIENT_SECRETshipit-api: GITHUB_TOKEN