Secure Builds with Credential Helpers
Secure and reproducible builds are something we'd all like, and something many of us work on regularly.
One area that is frequently overlooked in the topic is how to securely provide credentials for external services used during a build. Systems often fall back to insecure methods like passing them on the command-line or storing them in plaintext on disk.
In this post, we will provide an overview of common authentication mechanisms and why they should not be considered secure, and then introduce Credential Helpers and how they do provide secure builds.