When a shell runners starts on a server with the command given at creation like:
./start.sh --accountUuid {XXXXXXXXXXXXXXXXXXXXX} --repositoryUuid {XXXXXXXXXXXXXXXXXXXXXXXX} --runnerUuid {XXXXXXXXXXXXXXXXXXXXXXXXXXX} --OAuthClientId XXXXXXXXXXXXXXXXXXXXXX --OAuthClientSecret XXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX --runtime linux-shell --workingDirectory ../temp
This exposes all the credentials to anyone using a communal server, where you can use ps or top to see this command get all the OAuthClientId, OAuthClientSecret, etc from the command running.
is there a way the runner can be started with this data in a file like /etc/runner.env or environment variables so it's not exposed via the process inspection tools?
Hi @Pritesh Tailor,
Thank you for reaching out to the community.
You can indeed save those credentials in multiple environment variables first before you run it.
This way, those credentials will not be plainly visible when you use ps or top commands.
For example:
./start.sh --accountUuid $RUNNERS_ACCOUNT_UUID --repositoryUuid $RUNNERS_REPO_UUID --runnerUuid $RUNNERS_UUID --OAuthClientId $RUNNERS_CLIENTID --OAuthClientSecret $RUNNERS_CLIENT_SECRET --runtime linux-shell --workingDirectory ../temp
Let me know if you have further questions.
Regards,
Mark C
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.