by TheSpiciestDev
1612 days ago
But then what would happen if the GitHub token leaks? Would someone then be able to retrieve their own credentials as if they were your CI/CD pipeline? I feel like it would be hard to audit that, because a baddie would then be able to blend in with your CI/CD pipeline's traffic. But you say you find "management of AWS Credentials a pain", so I guess this isn't for security purposes, right? More of just a convenience? Don't get me wrong, I'm all about lessening the amount of environment variables in a pipeline! Especially with ones that you want to rotate!
Ref: https://docs.github.com/en/actions/security-guides/automatic...
And the SAML.to backend first checks to make sure the token is valid by invoking:
Ref: https://docs.github.com/en/rest/reference/apps#list-reposito...
I haven't checked, but I assume GitHub invalidates the token when the GitHub Action finishes