Managing personal data for Continuous Delivery
You can modify, export, or delete personal data from IBM Cloud® Continuous Delivery.
Personal data is any information that relates to or identifies a natural person. For example, personal data can be a name, email address, avatar, token, or any number of identifiers that are used with Continuous Delivery. The following Continuous Delivery components contain personal data:
- Git Repos and Issue Tracking
- Continuous Delivery Pipelines
- Toolchains and tool integrations
- IBM Cloud® DevOps Insights
IBM does not manage data in the Continuous Delivery service. Before you leave the Continuous Delivery service that is hosted in IBM Cloud Public, you must delete your own data.
Continuous Delivery provides the appropriate permissions to manage data within a resource group. Your company might have policies that limit these permissions. If you don't have the appropriate permissions, contact the administrator for your IBM Cloud account.
To manage your personal data, you must understand IBM Cloud accounts, how these accounts are used, and their associated access rights.
Accounts and access rights
To work in IBM Cloud, you must log in with a username and password. When you log in, IBM Cloud associates at least one IBM Cloud account with your user credentials. When you create resources such as resource groups, toolchains, and Continuous Delivery objects, they are associated with an IBM Cloud account.
The IBM Cloud login structure provides you with the option to work in different accounts. Using the IBM Cloud user interface, you can switch from one account to another. When you log in, any of the following types of accounts might be associated with your user credentials:
- Personal account
- Corporate account
- Corporate individual account
Personal accounts
Typically, each user has their own account that is their personal account. You can easily identify your personal account because it usually contains your name, for example, John Smith's Account.
You have full rights over all objects that are created in your personal account. You can invite other users to join your account, assign them rights over objects that you create, and assign them rights to create objects in your account. Because of these rights, the personal data of other users might be in your account, and your personal data might be in other user's accounts.
If you have permission to create an object in an account, you also have the right to modify and delete it, regardless of which account the object is stored in. When two users collaborate, they often share a personal account.
Corporate accounts
A corporate account is set up by your company. Typically, you are added automatically to the account, rather than being invited. Although corporate accounts provide users with a place to work, communicate, and share resources and charging, this set up is just a convention. A corporate account is really no different than a personal account. Objects that are created in a corporate account are associated with the account and users can be invited to the account.
Teams of people who work for a corporation often collaborate by using a corporate account.
Corporate individual accounts
When you work for a corporation, the work in your account might be legally owned by the corporation. Many users who work for a corporation have a corporate individual account. If you log in to your account by using credentials that contain your corporation's name and also have what appears to be a personal account, the work within your personal account might belong to the corporation.
A corporate individual account is no different from any other account. You can invite users to a corporate individual account and objects that are created in a corporate individual account are owned by the account.
If you work for a corporation that owns your work, a personal account that usually contains your name is considered a corporate individual account.
Modifying, exporting, and deleting personal data
Regardless of what type of IBM Cloud account is used, if you have rights to the objects in the account, you can modify, export, and delete them. Before you make changes, coordinate with other users to make sure that you don't unnecessarily modify or delete data.
Before you delete data from an account, determine whether it is a personal account or a corporate individual account.
Personal account
If you own a personal account, you can make changes and delete your data. If you share your account with another user, you own the data, but you might want to contact them about the shared work.
If you can't log in to your IBM Cloud account, contact IBM Support.
Corporate individual account
If you own a corporate individual account, you must coordinate any changes with both your corporation and other members of your team. Delete your personal data regardless of whether it is stored in a corporate account or a corporate individual account. Make sure that you don't delete work that you shared with other users.
Before you start to manage your personal data for the Continuous Delivery components, make sure that you are working in your IBM Cloud account. To view the IBM Cloud account that you are currently working in, on the menu bar, click your profile avatar.
If you can't log in to your IBM Cloud account, contact your corporation, and work with them to delete your personal data.
If you want to delete all of your personal data from Continuous Delivery, the order in which you delete that data is important. First, delete your Git Repos and Issue Tracking data, and then delete your Git Repos and Issue Tracking account. Finally, delete your delivery pipelines, tool integrations, and toolchains.
Modifying, exporting, and deleting Git Repos and Issue Tracking data
Git Repos and Issue Tracking provides a hosted Git service in the cloud. A single sign-on mechanism is used to associate your IBM Cloud account with a Git account. A full name and a short name are created for you in your Git account. Other users can use your short name to refer to you in a comment within a Git issue. You can customize your Git account and add personal data such as a description of yourself or an image.
Git Repos and Issue Tracking provides a powerful, but complex social coding environment in which users contribute to different projects and objects are shared. This environment can make it difficult to locate and delete your personal data.
Your account profiles and settings, personal projects, groups, and snippets are associated with your Git account. If you delete your Git account, these objects are deleted. To delete personal data in another project, go to the project, and then modify it to remove your personal data, or delete the project entirely. Make sure that you coordinate with other members of your team before you delete shared projects.
Before you delete your Git account, delete your personal data from other projects. After you delete your Git account, it might be difficult, or impossible to find all of the projects that you contributed to.
Exporting a Git Repos and Issue Tracking project
Before you delete a Git Repos and Issue Tracking project, you can export the project to archive it.
- Click the Settings icon in the navigation sidebar.
- Click General.
- Click Expand to expand the Export project section.
- Click Export project.
After the project is archived, you can import it into another GitLab instance.
Deleting your Git Repos and Issue Tracking account
You can delete your Git Repos and Issue Tracking account and most of the things that are owned by that account.
- On the Git Repos and Issue Tracking User Settings dashboard, on the Account page, in the Delete account section, click Delete account.
- All Git projects, including repositories and issues are deleted. You are also removed from any Git Repos and Issue Tracking groups that you belong to.
After your account is deleted, some content will remain. This content is assigned to a system-wide Ghost User. For example, comments that you added to an issue remain, but they are attributed to the Ghost User. To delete all of the content that you authored, contact IBM Support
Git Repos and Issue Tracking uses a single sign-on mechanism that automatically creates a corresponding Git account for your IBM Cloud account the first time that you access the tool integration. After you delete your account, do not access Git Repos and Issue Tracking. If you access Git Repos and Issue Tracking again, a new account is automatically created that you must delete.
Modifying, exporting, and deleting Continuous Delivery pipeline data
Continuous Delivery provides two different types of pipelines: Classic and Tekton. These pipelines run scripts to build, test, and deploy your application to the IBM Cloud by providing stages and tasks, jobs and steps, environment variables, and other objects that might contain personal data. You can delete these objects individually or you can delete an entire pipeline.
Make sure that you coordinate with other members of your team before you delete shared objects or pipelines. Deleting shared objects might cause a pipeline to fail.
A pipeline cannot exist outside of a toolchain. If you delete a toolchain, all of the pipelines that are associated with the toolchain are also deleted. If you plan to delete an entire toolchain, you do not need to delete each pipeline individually. Instead, go to the "Modifying and deleting toolchains and tool integrations" section, and follow the steps to delete a toolchain.
Classic pipelines
Classic pipeline stages might include personal data such as credentials in the form of environment properties, and a pipeline definition that shows the current state of the pipeline. Stages might also include scripts inside jobs that you want to modify or delete, and artifacts and logs for the most recent pipeline runs that you want to export. Use the Configure Stage or Delete Stage actions to modify or delete a stage. Use the Download action to export artifacts or logs from a stage.
Modifying a Classic pipeline stage
To modify a pipeline stage:
-
On the Pipeline page, click the Settings icon.
-
Click Configure Stage.
-
On the ENVIRONMENT PROPERTIES tab, edit or delete properties.
-
Modify a job script within the pipeline stage. Select the job and change the values that are part of the Build, Deploy, or Test Configuration.
-
Delete a job from the pipeline stage. On the JOBS tab, select the job that you want to delete and click Remove.
Exporting a Classic pipeline stage
To export the definition for an entire pipeline, append /yaml
to the pipeline URL:
https://cloud.ibm.com/devops/pipelines/<pipeline id>/yaml?env_id=<region id>
Where <pipeline id>
and <region id>
are the values that are displayed in the pipeline page URL.
The resulting yaml file includes definitions of all of the pipeline stages.
To export artifacts and logs for a pipeline stage:
- On the Pipeline page, click View logs and history.
- Click the build number that you want to export artifacts and logs for.
- Click DOWNLOAD > Artifacts to export the artifacts for the selected build.
- Click DOWNLOAD > Logs to export the logs for the selected build.
Deleting a Classic pipeline stage
To delete a pipeline stage:
- On the Pipeline page, click the Settings icon.
- Click Delete Stage.
Tekton pipelines
Tekton pipelines might include personal data such as credentials in the form of environment properties or pipeline runs details. You can delete these runs, which removes the associated run details and logs. Use the Download action to export all of the data that is associated with the selected pipeline run.
Modifying a Tekton Pipeline
To modify a Tekton Pipeline definition:
- On the Pipeline Overview page, click Settings, and then click Definitions.
- Click Add to add a Git repo that was already added to the toolchain.
- Click the menu to access the options and click Edit or Remove to edit or remove an existing Git repo definition.
To modify the worker to use to run the Tekton Pipeline:
- On the Pipeline Overview page, click Settings, and then click Worker.
- Select any worker that was added to the toolchain or the public managed workers.
To modify the environment properties used by the tekton pipeline:
- On the Pipeline Overview page, click Settings, and then click Environment properties.
- Edit, add, or remove properties from the page.
For more information about modifying Tekton Pipelines, see Working with Tekton pipelines.
Deleting a Tekton Pipeline
To delete a Tekton Pipeline:
- From your toolchain's Overview page, on the Delivery pipelines card, go to your Tekton pipeline instance.
- Click the menu on your Tekton pipeline to access the configuration options and click Delete.
For more information about deleting Tekton pipelines, see the following topics:
Modifying and deleting toolchains and tool integrations
By using toolchains, teams can collaborate and share different tool integrations.
It is recommended that you configure all Continuous Delivery integrations by using data that is associated with your team or company, rather than data that is associated with you. However, in some instances your personal data might be inadvertently used instead. In such instances, you must identify all of the data that you own and delete it.
When a tool integration is created, Continuous Delivery cannot record the origin of all of the data. For example, another team member might create a tool integration for you by using personal data that you provide in an email. You must understand which data you own and make sure that it is deleted.
Coordinate with other members of your team before you delete shared tool integrations or toolchains.
Modifying and deleting tool integrations
When you create a tool integration, you must provide user credentials and other account information that pertains to the integration. If you used your own personal credentials and account information, replace this information with different values, or delete the tool integration.
For more information about modifying tool integrations, see the following documentation:
- Updating a tool integration by using the console
- Updating a tool integration with the API
- Updating a tool integration with Terraform
For more information about deleting tool integrations, see the following documentation:
Deleting toolchains
When you delete a toolchain, the deletion cannot be undone. Deleting a toolchain removes all of its tool integrations, including pipelines, which might delete resources that are managed by those tool integrations.
For more information about deleting toolchains, see the following documentation:
Deleting all toolchains
When you work by using the console, you cannot delete all of the toolchains within a resource group at the same time. You must delete each toolchain, one at a time.
By using the API, CLI, or Terraform, you can more readily delete multiple toolchains. For example, you can write a program or a script that iterates over a set of toolchains and deletes them by repeatedly calling the API or by running the
ibmcloud dev toolchain-delete
command. If you defined multiple toolchains in Terraform, you can delete the ibm_cd_toolchain
resource blocks and run terraform apply
, or you can use the terraform destroy
command to delete the toolchain resources.
Toolchains are scoped by IBM Cloud region and resource group. Make sure that you target each region and resource group in an account to delete every toolchain that you created in that account.