Github Recovery_CERTIFICATE_PASSWORD
Closed this issue · 5 comments
Hello Rexiox80,
GitHub is a truly awesome service, but making sensitive data such as the SSL certificate path and password, along with the CN number, visible on GitHub creates a vulnerability for end-to-end communication, which might create a man-in-the-middle attack.
Please find the link below:
https://github.com/Rexios80/Health-Data-Server-Overlay.git
POC:
certificate_path: windows\fluttercertificate.pfx
certificate_password: f>G@wtohG7]Y
publisher: CN=3DC3FAF1-ABA5-4AAC-856A-275AF0D1C0B4
Regards,
Tushar Sawant
sawant.t.23@gmail.com
+91-9561345722
If you can figure out how to use environment variables to get that done in the pubspec and GitHub Actions, be my guest.
Also, it’s not used for communication, just signing. And the Microsoft Store signs with a different certificate anyways, I’m pretty sure.
Actually there's a way to run the msix generation command with parameters. I'll just get it done.
Generated a new certificate with a different password and used GitHub secrets to store them.
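A sketch of the approach the last two comments describe, added here as an illustration and not taken from the repository: the certificate and its password live in GitHub secrets and reach the msix command as parameters, so `certificate_path` and `certificate_password` no longer appear in `pubspec.yaml`. The secret names (`MSIX_CERT_BASE64`, `MSIX_CERT_PASSWORD`), the workflow and job names, the trigger and the temporary file name are assumptions.

```yaml
# Added example, not the project's workflow. Secret names, job name, trigger
# and file names are assumptions. pubspec.yaml keeps `publisher` under
# msix_config but drops certificate_path and certificate_password.
name: build-msix
on:
  push:
    tags: ['v*']

jobs:
  msix:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - uses: subosito/flutter-action@v2
        with:
          channel: stable

      # The .pfx is stored base64-encoded as a secret and written outside
      # the checkout, so it can never be committed by accident.
      - name: Restore signing certificate from secret
        shell: pwsh
        env:
          MSIX_CERT_BASE64: ${{ secrets.MSIX_CERT_BASE64 }}
        run: |
          $pfx = Join-Path $env:RUNNER_TEMP 'signing.pfx'
          [IO.File]::WriteAllBytes($pfx, [Convert]::FromBase64String($env:MSIX_CERT_BASE64))
          "MSIX_CERT_PATH=$pfx" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8

      # The password is passed through the environment rather than being
      # interpolated into the script text; GitHub masks it in the job log.
      - name: Build and sign MSIX
        shell: pwsh
        env:
          MSIX_CERT_PASSWORD: ${{ secrets.MSIX_CERT_PASSWORD }}
        run: |
          flutter pub get
          dart run msix:create `
            --certificate-path $env:MSIX_CERT_PATH `
            --certificate-password $env:MSIX_CERT_PASSWORD

      - name: Remove certificate from runner
        if: always()
        shell: pwsh
        run: Remove-Item -Force -ErrorAction SilentlyContinue $env:MSIX_CERT_PATH
```

The old password and `.pfx` remain readable in the repository history, which is why the fix above also involved generating a new certificate rather than only deleting the lines.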