|
|
|
|
|
|
by mukesh610
655 days ago
|
|
|
No, in my YAML example, you could see that there were no credentials directly hard-coded into the pipeline. The credentials are configured separately, and the Pipelines are free to use them to do whatever actions they want. This is how all major players in the market recommend you set up your CI pipeline. The problem here lies in implicit trust of the pipeline configuration which is stored along with the code. |
|
|
I was thinking maybe a better approach instead of CICD SSH into prod machine is to have the prod machine just listen to changes in git.