How is this not already a thing? In GitHub, we have users with read-only permissions, but now either of these users can access credentials and write to production?????
No, read-only users can't trigger jobs, including SSH. This feature would restrict this to only admins and owners, instead of the current behavior of all users with write or push access to the repo.
This feature idea always comes up in our internal security discussions. As of now, too many people can SSH into our jobs and just "$ echo" all the secrets.
This seems like something we should be able to do: enable/disable access for a user role/group to SSH into a job. We don't want users to be able to just print all env variables.
Big security issue for such a long time, why hasn't it been fixed?
Lots of people discussed this critical issue, why doesn't CircleCI care about this?