Skip to content
This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

fix: remove logging of potentially secret value #96

Merged
merged 1 commit into from
Jun 22, 2019
Merged

fix: remove logging of potentially secret value #96

merged 1 commit into from
Jun 22, 2019

Conversation

Flydiverny
Copy link
Member

If one misconfigures a secret these can end up in logs, which could be quite a hassle :)

Example:

...
secretDescriptor:
  backendType: secretsManager
  data:
    - key: hello-service/credentials
      property: password
      name: password

hello-service/credentials from secrets manager:

{
    "Name": "hello-service/credentials",
    "SecretString": "my-super-secret-password",
    ...
}

Would log the following

Failed to JSON.parse 'my-super-secret-password': {}

silasbw
silasbw approved these changes Jun 21, 2019
View reviewed changes
Copy link
Contributor

@silasbw silasbw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doh! 🙏 💯

silasbw
silasbw approved these changes Jun 22, 2019
View reviewed changes
Copy link
Contributor

@silasbw silasbw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Let me know what you think about #97 (comment) :)

@silasbw silasbw merged commit 6063f79 into external-secrets:master Jun 22, 2019
@silasbw
Copy link
Contributor

silasbw commented Jun 22, 2019

This change is included in godaddy/kubernetes-external-secrets:1.3.0.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@silasbw silasbw silasbw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Flydiverny @silasbw