Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Key Vault] Redact test values that trigger CredScan warnings #17443

Closed
mccoyp opened this issue Mar 19, 2021 · 3 comments
Closed

[Key Vault] Redact test values that trigger CredScan warnings #17443

mccoyp opened this issue Mar 19, 2021 · 3 comments
Assignees
@mccoyp
Labels
Client This issue points to a problem in the data-plane of the library. KeyVault test-enhancement
Milestone
Backlog

Comments

@mccoyp
Copy link
Member

mccoyp commented Mar 19, 2021

Some values in Key Vault test recordings, which aren't sensitive per their test resource status, trigger warnings during credential scans. Here is an example of a warning generated because of a test certificate's value.

These certificate contents have been labeled as permissible since they're not sensitive, but we should still redact these contents from recordings where possible.
@mccoyp mccoyp added KeyVault Client This issue points to a problem in the data-plane of the library. test enhancement labels Mar 19, 2021
@mccoyp mccoyp added this to the [2021] May milestone Mar 19, 2021
@mccoyp mccoyp self-assigned this Mar 19, 2021
@mccoyp mccoyp modified the milestones: [2021] May, [2021] June Apr 20, 2021
@mccoyp mccoyp mentioned this issue Apr 22, 2021
Merged
@mccoyp mccoyp modified the milestones: [2021] June, [2021] July May 26, 2021
@mccoyp mccoyp modified the milestones: [2021] July, [2021] August Jul 3, 2021
@mccoyp mccoyp modified the milestones: [2022] February, [2022] March Feb 15, 2022
@mccoyp mccoyp modified the milestones: [2022] March, [2022] April Mar 1, 2022
@mccoyp
Copy link
Member Author

mccoyp commented Apr 4, 2022

Moving into a milestone where we re-record with the new test proxy system.

@mccoyp mccoyp removed this from the [2022] April milestone Apr 4, 2022
@mccoyp mccoyp added this to the [2022] May milestone Apr 4, 2022
@mccoyp mccoyp modified the milestones: [2022] May, [2022] June Apr 27, 2022
@mccoyp
Copy link
Member Author

mccoyp commented May 18, 2022

Moving to backlog for more investigation at a later time. Redacting certificate values would be straightforward with body key sanitizers that sanitize cer, csr, and value fields in azure-keyvault-certificates recordings (which currently contain test certificate content). Trying this caused failures in playback tests, though:

msrest.exceptions.DeserializationError: Unable to deserialize response data. Data: certificate-content, bytearray, Error: Incorrect padding

Certificate operations need to be able to be decoded from responses into a CertificateOperation object, and this seems to require correct certificate information in recordings. For the time being, I can't think of a straightforward way to sanitize our recordings in a functional way.

@mccoyp mccoyp modified the milestones: [2022] June, Backlog May 18, 2022
@mccoyp
Copy link
Member Author

mccoyp commented Feb 1, 2024

Closing since this issue hasn't had any progress and isn't pressing.

@mccoyp mccoyp closed this as completed Feb 1, 2024
@github-actions github-actions bot locked and limited conversation to collaborators May 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mccoyp mccoyp

Labels
Client This issue points to a problem in the data-plane of the library. KeyVault test-enhancement
Projects
Azure SDK for Key Vault
Archived in project
Milestone
Backlog
Development

No branches or pull requests
2 participants
@lmazuel @mccoyp