Closed
Description
The Segment token is added to the binary and build time. This will need to be sourced from a secure location that can be accessed from Werft.
From a defensive coding point of view, we should assume that this token can be read by nefarious actors. To that end, the token should be limited to adding new data to a specific location only - no reading/updating/deleting of data is to be permitted whatsoever.
In components/installation-telemetry/BUILD.yaml
, an argdeps
should be added with the token so that it's rebuilt when it changes.