How to secure the repository accounts used in the CI/CD pipeline or Automation?

mydocker9002 · October 10, 2022, 1:50pm

Hello,
could anyone share some guidelines around this problem.
As the repository is accessible through the internet outside the company ,even for private repositories , an employee leaving organization can access the images (read/write) provided if he knows the user accounts used in the automation scripts. Assume this employee is a DevOps or a Developer its too easy to record the username/passwords before he leaves the company. There is a concept of Access Token but then these are still tied to the user-account. Two factor authentication can be enabled for human based login but not for automation jobs (e.g Jenkins/scripts) .
Thanks in advance.

Topic		Replies	Views
Recommended way to log into docker from automated build server for pushing images Docker Hub dockerhub	2	713	January 3, 2019
Working with private repositories Docker Hub	0	473	December 19, 2018
Automating the pull from a private repository General	3	831	August 27, 2016
Is it OK for a company to have one account that is shared? Docker Hub	0	860	October 1, 2016
Why the image repository pushed with credentials is public? Docker Hub	0	316	March 1, 2021

How to secure the repository accounts used in the CI/CD pipeline or Automation?

Related topics