Comment by amluto
13 hours ago
There is something wrong with the industry in which we think that, when a production build requires SSH keys, the problem is that the keys might leak into the build artifact.
13 hours ago
There is something wrong with the industry in which we think that, when a production build requires SSH keys, the problem is that the keys might leak into the build artifact.
Keys leaking into the build artifact was never the concern.
It's about not having the private keys stored unknowingly in intermediate layers of a build container.