Build or artifact systems access details visible
Your build systems and frameworks, such as Gradle and Maven, are responsible for building your software in a reliable, fast, and productive way. They are also responsible for doing so securely. Because you may have private artifact storage, services, and repositories, their credentials need to be used during the build.
It is necessary to keep the access details and credentials of these systems out of your actual build configuration code, or any other plainly visible asset, because an attacker who obtains them can tamper with libraries, inject code, and take over your intellectual property as well as other sensitive data.
Problem
Build system or artifact service access details, passwords, or tokens are visible or hardcoded.
Fix
Infrastructure
- Use a cloud-native secret store, such as AWS Secrets Manager
- Use a dedicated vault product, such as:
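An added check, not part of the original page, that scans Gradle and Maven configuration for credentials written as literals while accepting values that defer to the environment or a property lookup. The samples, key names, and regular expressions are constructed for illustration.

```python
import re

# Constructed samples (not from the page): a Gradle credentials block with a
# hardcoded token, the same block reading from the environment, and a Maven
# settings.xml with one hardcoded and one environment-backed password.
GRADLE_HARDCODED = """credentials {
    username "ci-bot"
    password "s3cr3t-token-value"
}"""
GRADLE_HARDENED = """credentials {
    username System.getenv("ARTIFACT_USER")
    password System.getenv("ARTIFACT_TOKEN")
}"""
MAVEN_SETTINGS = """<servers>
  <server><id>internal</id><username>ci-bot</username>
    <password>hunter2</password></server>
  <server><id>mirror</id><username>${env.ARTIFACT_USER}</username>
    <password>${env.ARTIFACT_TOKEN}</password></server>
</servers>"""

SENSITIVE = r"(?:password|passwd|token|secret|api[_-]?key)"
Q, NOTQ = "['\"]", "[^'\"]+"
# Gradle/Groovy/Kotlin style:  password "literal"  or  token = 'literal'
GRADLE_LITERAL = re.compile(rf"\b({SENSITIVE})\s*=?\s*{Q}({NOTQ}){Q}", re.I)
# Maven settings.xml style:  <password>literal</password>
MAVEN_LITERAL = re.compile(rf"<({SENSITIVE})>([^<]+)</\1>", re.I)
# Values that defer to the environment or a property lookup are acceptable.
INDIRECT = re.compile(r"\$\{|System\.getenv|findProperty|environmentVariable")

def find_hardcoded_credentials(text):
    """Return (line_number, key, value) for every credential written as a literal."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for pattern in (GRADLE_LITERAL, MAVEN_LITERAL):
            m = pattern.search(line)
            if m and not INDIRECT.search(m.group(2)):
                findings.append((no, m.group(1).lower(), m.group(2)))
    return findings

if __name__ == "__main__":
    for name, sample in [("gradle-hardcoded", GRADLE_HARDCODED),
                         ("gradle-hardened", GRADLE_HARDENED),
                         ("maven-settings", MAVEN_SETTINGS)]:
        for no, key, value in find_hardcoded_credentials(sample):
            print(f"{name}: line {no}: {key} is a hardcoded literal ({value!r})")
```

Run it over real build files before commit or in CI; any finding means the value belongs in a secret store and should be referenced indirectly instead.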
Architecture
See