Reuse credentials


I’m currently using v2 of this action to clone a repo. In the workflow, some assets are generated, and I want to upload them to a branch (either in the same repo or in a different repo). I am using release.sh to copy sources to a new directory, create a new git repo there, create an orphan branch (gh-pages) and push it. Currently, I need to set the origin as https://github.com/buildthedocs/sphinx.theme/blob/e1a0dbe8ba6843322194607aad45195d38f5ce5d/.github/workflows/doc.yml#L17. I saw that this action creates the following configuration:

remote.origin.url=https://github.com/buildthedocs/sphinx.theme
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
http.https://github.com/.extraheader=AUTHORIZATION: basic ***

Unfortunately, I could not reuse http to configure the new clean/orphan repo that is created in the workflow. I’d like to know which is the recommended approach to replace https://github.com/buildthedocs/sphinx.theme/blob/e1a0dbe8ba6843322194607aad45195d38f5ce5d/.github/workflows/doc.yml#L17 and https://github.com/buildthedocs/sphinx.theme/blob/master/release.sh#L12-L13 with the credentials created by this action.

/cc @ericsciple

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 7

Top GitHub Comments

1 reaction
ericsciple commented, Jul 16, 2020

That’s what I would recommend as a best practice. It’s best to keep credentials off the command line.

Note, cat wouldn’t matter because the command line would just be cat the-file-name (captured by audit event) and the sensitive data would flow through the stdout stream (not captured).

0 reactions
eine commented, Jul 17, 2020

Thanks! In the end, just copying the config file worked (https://github.com/buildthedocs/sphinx.theme/commit/c3ed1178e6e849f6055f688fc29e3201cd4aa5e5) because it is the same repo after all.
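
Added example (not code from the issue, the action, or the linked repository): one way to reuse the persisted auth header in a freshly created repo while keeping the secret off every command line, as recommended in the thread. It goes beyond the whole-file copy reported above by carrying over only the http.<url>.extraheader entry; it assumes the header sits in the source repo's .git/config as in the listing in the issue, and the file name checkout-auth.config is hypothetical.

```shell
#!/bin/sh
# Added example: reuse the checkout action's auth header in a second repo
# without the secret ever appearing in a process argument list.
# Assumption: the header is stored in "$src/.git/config" under a key of the
# form http.<url>.extraheader, as in the config listing in the issue.
# "checkout-auth.config" is a hypothetical file name chosen for this example.

reuse_checkout_auth() {
    src=$1   # work tree cloned by the checkout action
    dst=$2   # work tree of the new repository (already "git init"-ed)
    cred="$dst/.git/checkout-auth.config"

    # git prints "key value" on stdout; its argv holds only the pattern.
    # printf is a shell builtin, so no new process receives the secret.
    (
        umask 077   # credential file readable by the owner only
        git config --file "$src/.git/config" \
            --get-regexp '^http\..*\.extraheader$' |
        while read -r key value; do
            url=${key#http.}
            url=${url%.extraheader}
            printf '[http "%s"]\n\textraheader = "%s"\n' "$url" "$value"
        done > "$cred"
    )

    # Nothing matched: leave no empty include behind and report failure.
    if [ ! -s "$cred" ]; then
        rm -f "$cred"
        return 1
    fi

    # Relative include paths resolve against the including file (.git/config).
    git -C "$dst" config --local include.path checkout-auth.config
}
```

Call it as reuse_checkout_auth "$GITHUB_WORKSPACE" path/to/new-repo before the push; the new repo's own .git/config then holds only the include line, not the token.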
