mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-11-12 12:15:00 +00:00
Code Issues Projects Releases Wiki Activity

Updated Secrets image filter docs (#4028)

Browse source 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
Thomas Anderson 2024-08-15 20:34:13 +03:00 committed by GitHub
parent 8ae8b8647e
commit cf7a548c51
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/docs/20-usage/40-secrets.md
View file

@ -70,9 +70,11 @@ Secrets are not exposed to pull requests by default. You can override this behav
Please be careful when exposing secrets to pull requests. If your repository is open source and accepts pull requests your secrets are not safe. A bad actor can submit a malicious pull request that exposes your secrets. Please be careful when exposing secrets to pull requests. If your repository is open source and accepts pull requests your secrets are not safe. A bad actor can submit a malicious pull request that exposes your secrets.
::: :::
## Image filter ## Plugins filter
To prevent abusing your secrets from malicious usage, you can limit a secret to a list of images. If enabled they are not available to any other plugin (steps without user-defined commands). If you or an attacker defines explicit commands, the secrets will not be available to the container to prevent leaking them. To prevent abusing your secrets from malicious usage, you can limit a secret to a list of plugins. If enabled they are not available to any other plugin (steps without user-defined commands). If you or an attacker defines explicit commands, the secrets will not be available to the container to prevent leaking them.
![plugins filter](./secrets-plugins-filter.png)
## Adding Secrets ## Adding Secrets

BIN
docs/docs/20-usage/secrets-plugins-filter.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 29 KiB

6
web/src/assets/locales/en.json
View file

@ -422,9 +422,9 @@
"deleted": "Secret deleted", "deleted": "Secret deleted",
"created": "Secret created", "created": "Secret created",
"saved": "Secret saved", "saved": "Secret saved",
"images": { "plugins": {
"images": "Available for the following images", "images": "Available only for the following plugins",
"desc": "List of images where this secret is available, leave empty to allow for all images." "desc": "List of plugins images where this secret is available, leave empty to allow for all plugins and general steps."
}, },
"events": { "events": {
"events": "Available at the following events", "events": "Available at the following events",

4
web/src/components/secrets/SecretEdit.vue
View file

@ -21,8 +21,8 @@
/> />
</InputField> </InputField>
<InputField v-slot="{ id }" :label="$t('secrets.images.images')"> <InputField v-slot="{ id }" :label="$t('secrets.plugins.images')">
<span class="ml-1 mb-2 text-wp-text-alt-100">{{ $t('secrets.images.desc') }}</span> <span class="ml-1 mb-2 text-wp-text-alt-100">{{ $t('secrets.plugins.desc') }}</span>
<div class="flex flex-col gap-2"> <div class="flex flex-col gap-2">
<div v-for="image in innerValue.images" :key="image" class="flex gap-2"> <div v-for="image in innerValue.images" :key="image" class="flex gap-2">