robin/attic-action
1
0
Fork 0
mirror of https://codeberg.org/icewind/attic-action.git synced 2026-06-03 17:44:07 +02:00
Code Issues Projects Releases Packages Wiki Activity

README: clarify on security

Browse source
This commit is contained in:
Domen Kožar 2020-04-24 12:41:50 +02:00 committed by GitHub
commit 03b6d2e977
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
README.md
View file

@ -56,7 +56,16 @@ jobs:
See [action.yml](action.yml) for all options.
---
## Security
Cachix auth token and signing key need special care as they give read and write access to your caches.
[As per GitHub Actions' security model](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#using-encrypted-secrets-in-a-workflow):
> Anyone with write access to a repository can create, read, and use secrets.
Which means all developers with push access can read your secrets and write to your cache.
## Hacking