TeamCity Security Questions...

1. Is it going to be possible to run TC over https out of the box? I can see this becoming an issue for some of my more paranoid clients.

2. What is the most secure way to provide properties such as usernames/passwords to a build?

- If I specify properties against the build configuration through the front end, then all developers with access to the project can see them (via view configuration) - which is not something I want to happen.

- Using CruiseControl, I'd normally put these in a file. CruiseControl runs under a user that only admins have access to and therefore the properties remain somewhat secure. I can't do this with TC because builds that do a 'clean' will remove the properties file also.

Ideally, I'd like to be able specify these properties through the front end (because it's quick and easy) but I'd like to be able to mark some of them as private.

Feedback/workarounds would be appreciated and if required I'll raise a feature request.



Comment actions Permalink

Have created a change request:

Thinking about this, we should be able to fully configure the build through the front end without having to go and create server side files or environment variables.

Comment actions Permalink

i install TC using war.
i just deploy it to a previously configured tomcat with https enabled.

works fine except that buildAgent cannot recognize the server via https urls. so i have to expose a 8080 connector in my internal network so that my buildAgents can connect via http. however this causes another problem where the emails sent use the http url in the instead of the https url.
i basically have to tell all my users to not use the link in the build result emails

i've already opened an issue about this

hopefully the fix will arrive soon :D


Please sign in to leave a comment.