-
Notifications
You must be signed in to change notification settings - Fork 38
security
Usernames and passwords can be entered to allow Nevergreen to authenticate itself with your CI server. Any passwords entered will be sent to the Nevergreen server for encryption, only the encrypted value will be stored in local storage. Usernames will get stored in plain text.
IMPORTANT: nevergreen.io currently uses standard http and not https which means your password could be read during the call to encrypt it!
The username and encrypted password gets sent to Nevergreen during API calls for projects. The password gets decrypted and passed onto your CI server to authenticate Nevergreen as the given user.
IMPORTANT: If the url to your cctray xml is not https then your password could be read during the call from Nevergreen to your CI server!
You should create a new read only user specifically for Nevergreen. See the help documentation for your CI server to see how to do this.