My Question on security #88
-
|
Hi Team, Through the event, I got to know that I can use my cURL (let's say GET call) to fetch the data and on a continuous run I can use https://github.com/marketplace/actions/github-action-for-curl as an action. Now my question here is that while making the call I do pass Key and Access Token and the seek I'm looking here is that will my Oauth can be seen by all? OR will it be decrypted so that none can use it further? I would like to know what security has been build so that none can check what token I am passing but the parameter can be seen. Please note I am not referring to any 3rd party app here such as Postman or another tool where I would be passing Bearer token or Auth Token. In CLI when I am doing an action method how does the security can be assured? Also, can I get the audit of my call/to publish? Looking forward to hearing from you. Regards, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Yes, you could perform this using GitHub Actions. An Action spins up a linux/windows/mac container with most popular binaries installed. You could execute your commands using the run option. |
Beta Was this translation helpful? Give feedback.
-
|
Hey, Thank you, Maneesh @msupernaut |
Beta Was this translation helpful? Give feedback.
Yes, you could perform this using GitHub Actions. An Action spins up a linux/windows/mac container with most popular binaries installed. You could execute your commands using the run option.
To pass any tokens into your Actions workflows that are sensitive, we would recommend adding them as secrets to your Repository. To learn more about Secrets - check this page out. Secrets will not be decrypted nor be published in plain text.