Skip Navigation

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets

cloud.google.com Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets | Google Cloud Blog

Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches.

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets | Google Cloud Blog
1
1 comments
  • @kid TL;DR: If you have a secret variable in your CI/CD pipeline and it's written to a file that subsequently gets artifacted, anyone who can access that artifact can also read your secret variable.

    Feels like a "no shit" moment but I guess I can see how someone could make this mistake in a more complicated setup than the example in the blog.