gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-07 02:03:45 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

Browse Source
This commit is contained in:
Translator
2024-12-31 20:29:08 +00:00
parent 2753c75e8b
commit 396dbafaf2
245 changed files with 9878 additions and 12609 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/pentesting-ci-cd/travisci-security/basic-travisci-information.md
View File

@@ -2,47 +2,44 @@
{{#include ../../banners/hacktricks-training.md}}
## Access
## Toegang
TravisCI directly integrates with different git platforms such as Github, Bitbucket, Assembla, and Gitlab. It will ask the user to give TravisCI permissions to access the repos he wants to integrate with TravisCI.
TravisCI integreer direk met verskillende git platforms soos Github, Bitbucket, Assembla, en Gitlab. Dit sal die gebruiker vra om TravisCI toestemming te gee om toegang te verkry tot die repos wat hy wil integreer met TravisCI.
For example, in Github it will ask for the following permissions:
Byvoorbeeld, in Github sal dit vir die volgende toestemmings vra:
- `user:email` (read-only)
- `read:org` (read-only)
- `repo`: Grants read and write access to code, commit statuses, collaborators, and deployment statuses for public and private repositories and organizations.
- `user:email` (slegs lees)
- `read:org` (slegs lees)
- `repo`: Gee lees- en skryftoegang tot kode, verbintenisstatusse, samewerkers, en ontplooiingstatusse vir openbare en private repositories en organisasies.
## Encrypted Secrets
## Geënkripteerde Geheime
### Environment Variables
### Omgewing Veranderlikes
In TravisCI, as in other CI platforms, it's possible to **save at repo level secrets** that will be saved encrypted and be **decrypted and push in the environment variable** of the machine executing the build.
In TravisCI, soos in ander CI platforms, is dit moontlik om **geheime op repo vlak te stoor** wat geënkripteer gestoor sal word en **ontsleutel en in die omgewing veranderlike** van die masjien wat die bou uitvoer, gepush sal word.
![](<../../images/image (203).png>)
It's possible to indicate the **branches to which the secrets are going to be available** (by default all) and also if TravisCI **should hide its value** if it appears **in the logs** (by default it will).
Dit is moontlik om die **takke aan te dui waartoe die geheime beskikbaar gaan wees** (standaard is dit alles) en ook of TravisCI **sy waarde moet wegsteek** as dit **in die logs** verskyn (standaard sal dit).
### Custom Encrypted Secrets
### Pasgemaakte Geënkripteerde Geheime
For **each repo** TravisCI generates an **RSA keypair**, **keeps** the **private** one, and makes the repositorys **public key available** to those who have **access** to the repository.
You can access the public key of one repo with:
Vir **elke repo** genereer TravisCI 'n **RSA sleutelpaar**, **hou** die **privaat** een, en maak die repository se **publieke sleutel beskikbaar** vir diegene wat **toegang** tot die repository het.
Jy kan die publieke sleutel van een repo met toegang:
```
travis pubkey -r <owner>/<repo_name>
travis pubkey -r carlospolop/t-ci-test
```
Then, you can use this setup to **encrypt secrets and add them to your `.travis.yaml`**. The secrets will be **decrypted when the build is run** and accessible in the **environment variables**.
Dan kan jy hierdie opstelling gebruik om **geheime te enkripteer en dit by jou `.travis.yaml` te voeg**. Die geheime sal **ontsleuteld word wanneer die bou gedoen word** en toeganklik wees in die **omgewing veranderlikes**.
![](<../../images/image (139).png>)
Note that the secrets encrypted this way won't appear listed in the environmental variables of the settings.
Let daarop dat die geheime wat op hierdie manier geënkripteer is, nie in die omgewing veranderlikes van die instellings gelys sal word nie.
### Custom Encrypted Files
Same way as before, TravisCI also allows to **encrypt files and then decrypt them during the build**:
### Pasgemaakte Geënkripteerde Lêers
Op dieselfde manier as voorheen, laat TravisCI ook toe om **lêers te enkripteer en dit tydens die bou te ontsleutel**:
```
travis encrypt-file super_secret.txt -r carlospolop/t-ci-test
@@ -52,7 +49,7 @@ storing secure env variables for decryption
Please add the following to your build script (before_install stage in your .travis.yml, for instance):
openssl aes-256-cbc -K $encrypted_355e94ba1091_key -iv $encrypted_355e94ba1091_iv -in super_secret.txt.enc -out super_secret.txt -d
openssl aes-256-cbc -K $encrypted_355e94ba1091_key -iv $encrypted_355e94ba1091_iv -in super_secret.txt.enc -out super_secret.txt -d
Pro Tip: You can add it automatically by running with --add.
@@ -60,37 +57,32 @@ Make sure to add super_secret.txt.enc to the git repository.
Make sure not to add super_secret.txt to the git repository.
Commit all changes to your .travis.yml.
```
Note that when encrypting a file 2 Env Variables will be configured inside the repo such as:
![](<../../images/image (170).png>)
## TravisCI Enterprise
Travis CI Enterprise is an **on-prem version of Travis CI**, which you can deploy **in your infrastructure**. Think of the server version of Travis CI. Using Travis CI allows you to enable an easy-to-use Continuous Integration/Continuous Deployment (CI/CD) system in an environment, which you can configure and secure as you want to.
Travis CI Enterprise is 'n **on-prem weergawe van Travis CI**, wat jy kan ontplooi **in jou infrastruktuur**. Dink aan die bediener weergawe van Travis CI. Deur Travis CI te gebruik, kan jy 'n maklik-om-te-gebruik Kontinuïteitsintegrasie/Kontinuïteitsontplooiing (CI/CD) stelsel in 'n omgewing inskakel, wat jy kan konfigureer en beveilig soos jy wil.
**Travis CI Enterprise consists of two major parts:**
**Travis CI Enterprise bestaan uit twee hoofdele:**
1. TCI **services** (or TCI Core Services), responsible for integration with version control systems, authorizing builds, scheduling build jobs, etc.
2. TCI **Worker** and build environment images (also called OS images).
1. TCI **dienste** (of TCI Kern Dienste), verantwoordelik vir integrasie met weergawebeheer stelsels, die autorisering van boue, die skedulering van bouwerk, ens.
2. TCI **Werker** en bou omgewing beelde (ook genoem OS beelde).
**TCI Core services require the following:**
**TCI Kern dienste vereis die volgende:**
1. A **PostgreSQL11** (or later) database.
2. An infrastructure to deploy a Kubernetes cluster; it can be deployed in a server cluster or in a single machine if required
3. Depending on your setup, you may want to deploy and configure some of the components on your own, e.g., RabbitMQ - see the [Setting up Travis CI Enterprise](https://docs.travis-ci.com/user/enterprise/tcie-3.x-setting-up-travis-ci-enterprise/) for more details.
1. 'n **PostgreSQL11** (of later) databasis.
2. 'n infrastruktuur om 'n Kubernetes-kluster te ontplooi; dit kan in 'n bedienerkluster of op 'n enkele masjien ontplooi word indien nodig.
3. Afhangende van jou opstelling, wil jy dalk sommige van die komponente op jou eie ontplooi en konfigureer, bv. RabbitMQ - sien die [Instelling van Travis CI Enterprise](https://docs.travis-ci.com/user/enterprise/tcie-3.x-setting-up-travis-ci-enterprise/) vir meer besonderhede.
**TCI Worker requires the following:**
**TCI Werker vereis die volgende:**
1. An infrastructure where a docker image containing the **Worker and a linked build image can be deployed**.
2. Connectivity to certain Travis CI Core Services components - see the [Setting Up Worker](https://docs.travis-ci.com/user/enterprise/setting-up-worker/) for more details.
1. 'n infrastruktuur waar 'n docker beeld wat die **Werker en 'n gekoppelde boubeeld kan ontplooi**.
2. Verbondenheid met sekere Travis CI Kern Dienste komponente - sien die [Instelling van Werker](https://docs.travis-ci.com/user/enterprise/setting-up-worker/) vir meer besonderhede.
The amount of deployed TCI Worker and build environment OS images will determine the total concurrent capacity of Travis CI Enterprise deployment in your infrastructure.
Die hoeveelheid ontplooide TCI Werker en bou omgewing OS beelde sal die totale gelyktydige kapasiteit van Travis CI Enterprise ontplooiing in jou infrastruktuur bepaal.
![](<../../images/image (199).png>)
{{#include ../../banners/hacktricks-training.md}}