Secure/Hidden/Protected variables

 

I have the need to include variables that are hidden/secure/encrypted/whatever possible from anything outside the current build, and that also do not show up in the log files.

We need this for implementing the following:
We want all our files in the build being signed with Authenticode if run from the build server when doing a release build (or some special type of build). For this to happen we need to specify the password for the pfx file.
We could put the password in a variable, but then the password would show up in logs, for example when running the action "Log Variable Values".
As we want this password to remain "secured", this prevents us from using variables. There are only very few in the organization that know the password, and we would like very much if it does not float around in old log files and similar. Also in the future, when we expand the number of developers, we would like everyone to be able to initiate a "signed build" without them having the password and reading it in the log file.

Is anything like this possible in FB right now?

Or else I think this would be a very nice feature:

  • Secure variables in FB, that are only valid during one build session, and which can be passed to included build scripts.
  • Or maybe some "One build key" (like "one time key") which can be used to encrypt and decrypt variables during build. And even a tag that can be used instead of the % in parameters, to specify that the variable should be decrypted before use. So you could use something like %$mysecurevar$#

 

I had exactly the same requirement for signing files and the approach I took was to have code in applicable actions script like this:

Action.SuppressStatusMessages = !Logging.IsDebug(); 

Note: Logging is an object I create in the project's global script, and I could also use the newer Action.HideActionFromLog property now for complete hiding of an action.

It's not exactly ideal and you have to remember to use it in all applicable actions (plus need a debug mode!) but it does the job.  However some support in FinalBuilder for secure variables and restriction on logging password fields in actions would be much nicer.

Hi Christoph

There is a relatively simple solution to this. Create an ini file where you want to store your passwords. Then use the String Encryption Action to encrypt your password and then write it out to your ini file. Then in your actual build process, read the value from the ini file and decrypt it using the String Encryption action. Note that while the encryption is not strong (it uses the Blowfish algorithm) it is probably strong enough for most uses (if you need strong encryption then you will need to use an external tool).

The Authenticode action does not log the password used.

HTH
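
The ini-file approach from the last reply, done with an external tool in place of the String Encryption action. This is an added example, not part of the thread and not FinalBuilder code: it swaps Blowfish for Windows DPAPI (via ConvertFrom-SecureString) and assumes a Windows build server where the build runs a PowerShell step under the same account that stored the password. The paths, the [Signing] section and the PfxPassword key are hypothetical.

```powershell
# Added example. Paths, section name and key name below are assumptions.
$IniPath = 'C:\BuildSecrets\signing.ini'    # hypothetical; restrict NTFS access to the build account
$PfxPath = 'C:\BuildSecrets\codesign.pfx'   # hypothetical location of the signing certificate

function Save-SigningPassword {
    # Run once, interactively, as the build account, by someone who knows the password.
    $secure = Read-Host -Prompt 'PFX password' -AsSecureString
    # Without -Key, ConvertFrom-SecureString protects the value with DPAPI,
    # so only this Windows account on this machine can decrypt it.
    $blob = ConvertFrom-SecureString -SecureString $secure
    Set-Content -Path $IniPath -Value @('[Signing]', "PfxPassword=$blob") -Encoding ASCII
}

function Get-SigningPassword {
    # Returns a SecureString; the clear text is never held in a string variable.
    $line = Get-Content -Path $IniPath |
        Where-Object { $_ -match '^PfxPassword=.+$' } |
        Select-Object -First 1
    if (-not $line) { throw "PfxPassword entry not found in $IniPath" }
    $blob = ($line -split '=', 2)[1]
    ConvertTo-SecureString -String $blob   # fails if run under a different account
}

function Invoke-SignFile {
    param([Parameter(Mandatory)][string[]]$Path)
    # The X509Certificate2 constructor accepts the SecureString directly.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $PfxPath, (Get-SigningPassword))
    foreach ($file in $Path) {
        $result = Set-AuthenticodeSignature -FilePath $file -Certificate $cert
        if ($result.Status -ne 'Valid') {
            throw "Signing failed for ${file}: $($result.StatusMessage)"
        }
        Write-Output "Signed $file"   # only the file name reaches the build log
    }
}
```

Developers who can start the build never see the password; anyone who can run arbitrary code as the build account can still recover it, so access to that account remains the control that matters.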