For anyone considering triggering builds via API as a way to extract sensitive information from the build - that’s not going to work. A build that was triggered via API can be rerun with SSH and it will have access to the pipeline parameters that were passed via API on the first run.
@KyleTryon I would like to join Brian in asking if CircleCI has a recommended best practice for securing sensitive data (including from users with write access to the repository)?
I’d also like to know if perhaps something has changed since this thread was started and there now is a way to disable the ability to “rerun with SSH” for certain builds?