© Moritz Lenz 2019
Moritz LenzPython Continuous Integration and Deliveryhttps://doi.org/10.1007/978-1-4842-4281-0_12

12. Security

Moritz Lenz1 
(1)
Fürth, Bayern, Germany
 

What’s the impact of automated deployment on the security of your applications and infrastructure? It turns out there are both security advantages and things to be wary of.

12.1 The Dangers of Centralization

In a deployment pipeline, the machine that controls the deployment must have access to the target machines where the software is deployed. In the simplest case, there is a private SSH key on the deployment machine, and the target machines grant access to the owner of that key.

This is an obvious risk, because an attacker gaining access to the deployment machine (the GoCD agent or ...

Get Python Continuous Integration and Delivery: A Concise Guide with Examples now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.