Closed Bug 1182492 Opened 9 years ago Closed 9 years ago

[garndt-q3/2015-goal] Add ability for docker-worker to consume secrets from the provisioner

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: garndt, Assigned: garndt)

References

Details

Greg Arndt [:garndt]

Assignee

Description

•

9 years ago

docker-worker should consume secrets from the provisioner and remove any secret things being baked into the ami images.

Pete Moore [:pmoore][:pete]

Updated

•

9 years ago

Component: TaskCluster → Docker-Worker

Product: Testing → Taskcluster

Greg Arndt [:garndt]

Assignee

Updated

•

9 years ago

Assignee: nobody → garndt

Greg Arndt [:garndt]

Assignee

Comment 1

•

9 years ago

Work has been done to either consume secrets from the provisioner [1] or have some necessary secrets baked into the base image [2]

Now there should be no secret left in the AMI that is build for the app (the app AMI just uses the base AMI as the source so it has the secrets).  Anyone with AWS credentials for our account should now be able to create the app AMI and update the provisioner.

[1] https://github.com/taskcluster/docker-worker/pull/115
[2] https://github.com/taskcluster/docker-worker/pull/164

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

5 years ago

Component: Docker-Worker → Workers

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[garndt-q3/2015-goal] Add ability for docker-worker to consume secrets from the provisioner

Categories

(Taskcluster :: Workers, defect)

Tracking

(Not tracked)

People

(Reporter: garndt, Assigned: garndt)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1

Updated