Limit token exposure (!5031) · Merge requests · GitLab.org / gitlab-runner

Hannes Hörl requested to merge hhoerl/no-cred-leaks into main Sep 24, 2024

What does this MR do?

This MR removes the job token, which has previously been stored in different places in the git configuration. git now uses the the token from the environment, via a git credentials helper we set up once.

Why was this MR needed?

To limit unintentional exposure of the job token.

What's the best way to test this MR?

Run a job

e.g. with the command 'git config -l'
e.g. with the env vars
- GIT_TRACE=1
- GIT_CURL_VERBOSE=1
- GIT_TRANSFER_TRACE=1

and see, that

git does not have the job token configured
git has a credentials helper configured, which on-demand pulls the token from the environment
any other place where the job token leaks into the build output is MASKED (as has been previously)

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab/-/issues/474043
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29655

Edited Oct 03, 2024 by Hannes Hörl

Limit token exposure

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports