Add prefix to trigger tokens
What does this MR do and why?
Closes #371396 (closed)
This MR adds a prefix to the pipeline trigger tokens to make them easier to detect and prevent incidents. See #371396 (comment 1070889693) if you're thinking "won't that also make the tokens easier to find for attackers?" (which is a reasonable thought to have!)
Screenshots or screen recordings
First token was created before the change, second was created after. Both should work.
(those are tokens for my local instance and already revoked)
How to set up and validate locally
- Go to a project's CI/CD settings
- Create a trigger under the Pipeline Trigger section
- Observe that the trigger has the
glptt-
prefix
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Dominic Couture