CircleCI Ideas

Internal or protected config.yml for build workflows with sensitive variable requirements

In some circumstances (Terraform development), it would be beneficial to be able to prevent build execution if the config.yml was modified in a pull request. The alternative method for this would be to have the ability to centralize the config.yml in CircleCI, where it can only be modified by repository administrators. This allows risky operations like supplying AWS credentials for the Terraform AWS provider to the container without the risk of leaking them.

In the present scenario this is impossible, as the config.yml can be modified by any pull request even before approval or review. The benefit of an implementation like this is that repository owners can maintain the configuration exclusively and maintain maximum openness for pull requests.

  • Guest
  • Sep 5 2019
  • New