Branch specific environment variables
J
Jesse Butterfield
We're using circleci to do deployments from the production branch which not everybody has write access to, but since all branches share the same environment, users could actually deploy from non-protected branches by modifying the circle.yml. It'd be great to restrict the production deployment credentials to just the master branch.
CCI-I-302
M
Ming
It's unbelievable and sad that this feature does not exist and there are no branch based security workaround at all. My employer's company (big big company) literally had to go with other provider because of this.
Context security group is way too rigid for both big and small company. Yeah you can protect variable based on user role. But this security model is so outdated for obvious reasons... :(
Stephan Stachurski
Scott Wheeler do you think it's possible to replicate the workflow of restricting prod credentials to master (or any protected) branch with team based security contexts? How would you do it?
Can't upvote this issue enough, all the other major CI/CD players can do this.
S
Scott Wheeler
While it's not possible to restrict credentials to branches, secured contexts can be used to control access at the team level on Github. More information about secured contexts is available here: Using Contexts
S
Stephen Colebourne
This is an essential security feature. As it stands, a rogue employee could alter production simply by altering config.yml on a branch and using the environment variables that should be restricted to master only (and thus protected by needing a PR).
Possible solutions:
branch-specific environment variables
an admin UI setting per-repo as to whether the config.yml file is read from the current branch or always from master
an admin UI setting per-repo that only permits CircleCI builds on master (diregarding what config.yml says wrt branches/tags)
I note that this issue is repeatedly arising:
I'd like to see some action taken, given this is essentially a huge security hole that a rogue employee could take advantage of.
Franklin Yu
This security concern was also mentioned in "Secure circle.yml file" and "How to protect environment variable from being echo or printed". All other CI providers already provide such feature.
G
Geidivan Brito
Excellent suggestion. We're facing serious security problem cause of this. We need to set differente environment variables values by branch and set users permissions to not edit/remove master variables.
It's really important for projects shared with remote developer teams.