SVN password information and Cruise




  • Avatar
    Anush Ramani

    Hi Vim,

    Password encryption in the XML configuration file will be a feature in the Go 2.2 release. The release is planned for mid-H1 2011.

  • Avatar
    Vimala Rajaram

      Thanks Anush. As this is an auditing concern for the Segregation of Duties control that an individual has  both the ability to modify code (since they have the repository path, service account name, and password) as well move the code into production, is there any mitigation that can be taken until this feature is available in the GO 2.2 release?

  • Avatar
    Anush Ramani

    What type of separation of duties do you need to enforce?

    It's certainly possible to restrict access to config modification to a restricted set of admins only. You can have 3 roles (non-exhaustive, of course):

    1. Go Admins

    2. Developers (committers)

    3. Release engineers

    Only the admin role need have access to the SVN credentials.

  • Avatar

    One way of mitigating this is to remove the username and password from the config and save the svn credentials in the agent(s)  itself.

Please sign in to leave a comment.