Current known issues — Please read this before posting a new topic

@BanzaiMan: yes, that was suggested above. Unfortunately in my case I want to keep the secrets secret :sweat_smile:.

2 Likes

Secret environment variables are not obfuscated on Windows

Was this enabled by default? This seems rather risky, to risk leaking people's secrets without them explicitly opting in and knowing about it :scream_cat:

Also, is this a temporary limitation, or will it always be this way?

1 Like

Note that secrets obfuscation has always been best-effort. (The log viewer may be able to obfuscate the values on Linux/OSX, but in general it isn't possible to prevent Turing-complete rogue code from sending them over the network to a third-party.) While Travis doesn't make secrets available to external pull requests, it is still up to you to review pull requests for any rogue secret-exposing code before merging them in (after which that code will get to see your secret variables).

So no security risk right now, provided that project members with approval/merging rights are doing their due diligence on external code.

> So no security risk right now, provided that project members with approval/merging rights are doing their due diligence on external code.

Today the secrets are obfuscated on Linux and macOS (I'm talking about generally in logs, and not from malicious PRs). If someone sees you support Windows and enables it without reading through all of this forum/thread, they would not know that secret obfuscation has been deliberately disabled.

It seems very easy for someone to turn on Windows support and not realise that secrets they thought were being obfuscated are not. If you can't support it, IMO it would be better to error the job explaining it's not supported and let them explicitly opt-in to having it off. It just seems very dangerous to be leaking secrets when a user believes they are being obfuscated.
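The fail-closed behaviour proposed in the post above, together with the best-effort log masking discussed earlier in the thread, can be approximated in a project's own build script. This is an added example, not part of the thread and not Travis code: `ALLOW_UNMASKED_SECRETS`, `secrets_guard`, `mask_secrets` and `DEMO_TOKEN` are hypothetical names, while `TRAVIS_OS_NAME` and `TRAVIS_SECURE_ENV_VARS` are variables Travis sets.

```shell
#!/bin/sh
# Added example (not Travis code). ALLOW_UNMASKED_SECRETS is a hypothetical
# opt-in flag; TRAVIS_OS_NAME and TRAVIS_SECURE_ENV_VARS are set by Travis.

# Fail closed: stop a Windows job that has secure variables unless the
# maintainer has explicitly accepted that the log will not be obfuscated.
secrets_guard() {
  if [ "${TRAVIS_OS_NAME:-}" = "windows" ] \
     && [ "${TRAVIS_SECURE_ENV_VARS:-false}" = "true" ] \
     && [ "${ALLOW_UNMASKED_SECRETS:-0}" != "1" ]; then
    echo "error: secure variables are not obfuscated in Windows logs;" >&2
    echo "       set ALLOW_UNMASKED_SECRETS=1 to run anyway" >&2
    return 1
  fi
  return 0
}

# Best-effort masking of stdin: every literal occurrence of the value of each
# named, exported variable becomes [secure]. Values are read from the
# environment inside awk, so they never appear on a command line. Only exact
# values are matched, which is why this stays best-effort.
mask_secrets() {
  awk '
    BEGIN {
      for (i = 1; i < ARGC; i++) {
        v = ENVIRON[ARGV[i]]
        if (v != "") s[++n] = v
      }
      ARGC = 1   # remaining arguments are variable names, not input files
    }
    {
      line = $0
      for (i = 1; i <= n; i++) {
        out = ""
        while ((p = index(line, s[i])) > 0) {
          out = out substr(line, 1, p - 1) "[secure]"
          line = substr(line, p + length(s[i]))
        }
        line = out line
      }
      print line
    }' "$@"
}

# Constructed demo value, not a real credential.
DEMO_TOKEN='constructed/demo+value'; export DEMO_TOKEN
secrets_guard && echo "deploying with $DEMO_TOKEN" | mask_secrets DEMO_TOKEN
```

In a build, call `secrets_guard || exit 1` before any step that touches a secret, and pipe the output of those steps through `mask_secrets` with the names of the secure variables.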

Any movement on Windows debug builds?