SVN password information and Cruise

Follow

Comments

4 comments

  • Avatar
    Anush Ramani

    Hi Vim,


    Password encryption in the XML configuration file will be a feature in the Go 2.2 release. The release is planned for mid-H1 2011.

    0
    Comment actions Permalink
  • Avatar
    Vimala Rajaram

      Thanks Anush. As this is an auditing concern for the Segregation of Duties control that an individual has  both the ability to modify code (since they have the repository path, service account name, and password) as well move the code into production, is there any mitigation that can be taken until this feature is available in the GO 2.2 release?

    0
    Comment actions Permalink
  • Avatar
    Anush Ramani

    What type of separation of duties do you need to enforce?


    It's certainly possible to restrict access to config modification to a restricted set of admins only. You can have 3 roles (non-exhaustive, of course):



    1. Go Admins

    2. Developers (committers)

    3. Release engineers


    Only the admin role need have access to the SVN credentials.

    0
    Comment actions Permalink
  • Avatar
    Manoj

    One way of mitigating this is to remove the username and password from the config and save the svn credentials in the agent(s)  itself.

    0
    Comment actions Permalink

Please sign in to leave a comment.