by pizzafeelsright
185 days ago
Assume these are for deployment to remote services - 'use deploy keys exclusively'. If the bad-intent actor has access to the source code, they still need to have access to push to the remote repo to issue a deployment. If they have access to the remote repo, they would then have full access to the deployment; I am not certain this is avoidable if one can edit code, push, and have the pipeline deploy as desired. Car analogy? Key fob in the car in a locked garage. If you have access to the garage, you can steal the car. Secure 'enough' for most people because the intrusion happened prior to the deploy.