Potential security issue
When using this action, the following warning is displayed and it states that secrets are visible inside the container in plaintext in /github/home/.docker/config.json. I am aware that action containers are ephemeral, but isn’t this file accessible to subsequently executed actions?

```
Logging in to registry
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
```
Issue Analytics
- State:
- Created 3 years ago
- Reactions:19
- Comments:5 (3 by maintainers)
Top GitHub Comments
Hi @simbamarufu1,
This will be fixed through build-push-action v2 (#92) and more precisely the login-action if you want to try it.
We are looking into the best way to handle these credentials, thanks for the report. The file will indeed be available later, unless you log out or remove it.
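
An added example, not part of the original issue or of the action's code: a check that a later workflow step could run to see whether `docker login` left credentials inline in a Docker `config.json` such as the one named in the warning. The function name and both sample configs are constructed for illustration; the check reports the registry and user name only, never the secret.

```python
import base64
import json
import sys


def audit_docker_config(text):
    """Return one finding per registry whose credentials sit inline in config.json."""
    cfg = json.loads(text)
    findings = []
    for registry, entry in (cfg.get("auths") or {}).items():
        entry = entry or {}
        # "auth" is base64(user:password); "identitytoken" is a bearer-style token.
        fields = [k for k in ("auth", "identitytoken") if entry.get(k)]
        if not fields:
            continue  # empty entry: the secret lives in a credential store/helper
        user = None
        if entry.get("auth"):
            try:
                decoded = base64.b64decode(entry["auth"]).decode("utf-8", "replace")
                user = decoded.split(":", 1)[0]  # keep the user, drop the secret
            except ValueError:
                user = "<undecodable>"
        findings.append({"registry": registry, "fields": fields, "user": user})
    return findings


# Constructed sample: what config.json looks like after a plain `docker login`.
CONSTRUCTED_SECRET = "constructed-secret"
SAMPLE_AFTER_LOGIN = json.dumps({
    "auths": {
        "registry.example.com": {
            "auth": base64.b64encode(f"ci-bot:{CONSTRUCTED_SECRET}".encode()).decode()
        }
    }
})

# Constructed sample: same login with a credential store configured.
SAMPLE_WITH_STORE = json.dumps({
    "auths": {"registry.example.com": {}},
    "credsStore": "pass",
})

if __name__ == "__main__":
    # Usage: python audit.py /github/home/.docker/config.json
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AFTER_LOGIN
    for finding in audit_docker_config(source):
        print("inline credential:", finding)
```

A non-empty result after the login step means the credential is still readable by anything that shares that home directory until `docker logout` runs or the file is removed.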