What are the best practices for CI/CD tools performing privileged actions on a remote server?

Çağlar Arlı

When using CI/CD tools (such as Jenkins or Octopus Deploy), how do companies follow best security practices when you need to perform privileged actions on a remote server as part of your build/deployment process?

For example, if I want to run a PowerShell script on a remote server, I would either need to install an agent on that server with elevated permissions to run PowerShell or give the build/deploy server remoting permissions to execute PowerShell. This would mean that if the controller were to be compromised, all agents/servers it has remoting permissions to could potentially be compromised as well.

Do companies take on this risk in exchange for the flexibility the CI/CD tools provide, or is there a good way to prevent/mitigate lateral attacks like this?