What’s the impact of automated deployment on the security of your applications and infrastructure? It turns out there are both security advantages and things to be wary of.
12.1 The Dangers of Centralization
In a deployment pipeline, the machine that controls the deployment must have access to the target machines where the software is deployed. In the simplest case, there is a private SSH key on the deployment machine, and the target machines grant access to the owner of that key.
This is an obvious risk, because an attacker gaining access to the deployment machine (the GoCD agent or ...