Artifacts with credentials and api keys visible for logged out users

android
envars
artifacts

#1

Hello,

I use some environment variables for my builds (gradle builds) that contains testing credentials, and api keys.
I had some memory usage errors, and now these credentials are visible for anyone (The artifacts tag isn’t visible for the logged out users, but it can be accessed by changing the url).

Is there some solution for this ?
Is there some way I can delete these artifacts (I know I can’t delete builds), because this is really problematic.

Thanks for the help.


#2

Hello,

Any news on this ?
Any way to fix it ?


#3

It looks like a serious security bug. UI is hiding the values but if you include it in the script, it gets shown in the log even for anonymous users :open_mouth:


#4

The first post here isn’t particularly clear. Are keys exposed by virtue of the memory usage errors?

Would you add a more substantial explanation and/or screenshots to demonstrate the issue?


#5

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.