by tkellogg 870 days ago
Are you pushing PHI/PII through GitHub Actions?
2 comments

Does not matter - pipeline needs to be trusted because it has access to sensitive resources for deployment tasks, can fake test results etc.
Even though it is a bit of a PITA to maintain self-hosted runners, it is the reason we do it.
GARM can easily manage ephemeral runners for you: https://github.com/cloudbase/garm (Ephemeral runners are also more secure)
Actions have access to environment secrets. Those secrets can open the door to PII.