Hey guys,
I couldn’t find anything in the docs regarding this problem so I’ll post here.
A developer in my org posted some AWS keys on some builds. After we revoked those, he reached out to me to delete the builds. I couldn’t do it.
Has anyone been through the same problem?
Do you mean you want to delete entries in the Jobs section of the UI? I don’t think one can do that, I’d guess they are meant to be non-deletable for audit trail purposes.
What problem are you actually trying to solve? If the keys are exposed in the console output of a run step, does it matter if the keys are revoked?
@halfer That’s exactly right.
The security exposure is already resolved with the revocation of the keys.
Now it’s a question about security posture. I don’t want other people seeing this and thinking that it is OK to leave sensitive data exposed. This is aligned with the security culture at our company.
Make sense?
I see what you mean, but I am not sure I agree. I think the ability for someone to run a job (e.g. a deployment) and then to delete the audit trail is a more serious security risk than allowing revoked keys to be viewed.
Of course, it is good to arrange jobs so that keys are not rendered in the console output.
No worries. You can still suggest it on the ideas list if you wish, but it would be worth noting my objection in your proposal. Perhaps there is a solution to that.
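
One way to keep AWS keys from being rendered in a run step's console output is to pipe the step's output through a redaction filter. The following is an added example, not code from anyone in this thread or from the CI product; the names `redact`, `known_secrets` and `SENSITIVE_ENV` and the sample lines are assumptions made for illustration.

```python
import os
import re
import sys

# AWS access key IDs: 20 characters, AKIA (long-term) or ASIA (temporary) prefix.
ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# A secret access key has no fixed prefix, so match it by the name it is assigned to.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)(aws_secret_access_key[\"']?\s*[=:]\s*[\"']?)([A-Za-z0-9/+=]{40})"
)
# Environment variables whose exact values must never be printed (assumed list).
SENSITIVE_ENV = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN")
# Constructed sample of console output; the key values are made up.
SAMPLE = [
    "export AWS_ACCESS_KEY_ID=AKIA" + "A1B2C3D4" * 2,
    "aws_secret_access_key = " + "abcd/EFG+1" * 4,
    "Uploading build artifacts to s3://example-bucket/app.tar.gz",
]


def known_secrets(env):
    """Values of the sensitive variables, longest first so substrings mask cleanly."""
    values = [env[name] for name in SENSITIVE_ENV if len(env.get(name, "")) >= 8]
    return sorted(values, key=len, reverse=True)


def redact(line, secrets=()):
    """Return line with known secret values and AWS-key-shaped strings masked."""
    for value in secrets:
        line = line.replace(value, "****")
    line = ACCESS_KEY_ID.sub(lambda m: m.group(1) + "****", line)
    return SECRET_ASSIGNMENT.sub(lambda m: m.group(1) + "****", line)


def main():
    secrets = known_secrets(os.environ)
    for line in sys.stdin:
        sys.stdout.write(redact(line, secrets))


if __name__ == "__main__":
    main()
```

Saved under a hypothetical name such as `redact.py`, it would be used as `some-command 2>&1 | python3 redact.py`; run the step with `set -o pipefail` so a failing command still fails the job.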