Build security and source upload

#1

Hello, can I get some ideas on how secure the build process is?
If I include sensitive/personal information in my code, how is this data managed by the build process?
I assume when I execute a “mos build” it uploads all my source code.
What safeguards are in place to protect that data?

#2

Can’t comment on the cloud build tool, but if you were concerned about security I’d be using the --local option.

#3

Your source code (I’m not sure but I think I read that) goes encrypted, but the guys at Cesanta that surely know a lot more than you and me put together (plus a bunch of others too) could probably take a peek at it: I don’t think they’d have the motivation to do it. Just don’t put credentials in your source code (except perhaps when developing and those are limited-access credentials you usually use for that purpose and that purpose only). Flash credentials on your device only when commissioning, and the process involves communication to the cloud provider via their tool, which is usually encrypted.
Local build uses a Docker image; that should be “safe”, but I don’t know much about that.