Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage
Highlighted

manage secrets with Bamboo Yaml specs 2.0 Edited

ozbillwang
ozbillwang Dec 12, 2019

with latest bamboo yaml specs 2.0, we are able to manage secrets variables with Bamboo Specs Encryption 

But the problem is, if the raw encryption is committed in source code as yaml specs, anyone who has read-only permission on its repository (git/stash/bitbucket) will be possible to re-use it. 

One user case is, I'd like to run deployment (IaC) with AWS account, so I need manage  aws api keys as secrets, and this aws api key has aws admin permission

Because of the bamboo specs variable encryption, anyone who can see the file `bamboo-specs/bamboo.yaml`, can copy and paste in his/her own yaml specs and will get full control on my aws accounts. 

This will be a big risk. 

In gitlab, travis, circleci, the secrets management is in seperate setting. It is not directly managed in yaml pipeine, it has settting that you can add secrets easily for that pipeline. 

When I am thinking how bamboo can handle this security concern, I found there are only two places we can manage secrets, global variables or build plan/deployment environment.

If we can manage secrets in project level, then each team (to each project) will be possible to manage their own secrets in small team, more than setting the secrets to global and can be used widely at enterprise level. 

Comment
Watch
Like Paul O'Brien likes this

1 comment

Boris Van Hardeveld
Boris Van Hardeveld Feb 18, 2020

@ozbillwang I have create a plugin which might be of interest to you. It essentially allows you to manage your secrets external to Bamboo, and refer to them using plain text. Please find it at https://marketplace.atlassian.com/1221965. I would really appreciate any remarks, questions or feedback you might have.

Like
Reply

Comment

Log in or Sign up to comment
Bamboo
Bamboo
TAGS
Community showcase
Martyna Wojtas
Martyna Wojtas
Published in Bamboo

Bamboo 7.2 is here!

I'm happy to announce that Bamboo 7.2 has been released and it’s overflowing with awesome new features. This will be the last major Server release before the launch of Bamboo DC. Bamboo logs We...

193 views 4 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you