fortification: preventing secret leaks

[clux]

What problem are you trying to solve?

It's possible to log Kubeconfig, and Config with Debug - which looks like it will just log all secret information by default.
I want to make this slightly harder to do. Similarly in request parameters that may have access to them.

Describe the solution you'd like

A practice I've seen around is to use:

• secrecy crate to wrap the sensitive credentials
• tower_http::sensitive_headers to mark access creds as sensitive

The first can be used in in the Config, Kubeconfig to help avoiding secrets these being logged (unless explicitly requested via Secret::expose_secret).

The second may be helpful, if it fits into the layer stack, not sure about it.

Describe alternatives you've considered

Removing Debug

Documentation, Adoption, Migration Strategy

Might be considered a breaking change to the Kubeconfig or Config, but can be documented, and it is very light.

Target crate for feature

kube-client

---

• Request headers (fortification: preventing secret leaks #751 (comment))
• AuthInfo password (Use SecretString in AuthInfo to avoid credential leaking #766)
• AuthInfo token (Use SecretString in AuthInfo to avoid credential leaking #766)
• AuthInfo client_key_data
  • Copied to Config identity_pem as well. Cleaned up in Remove crate private identity_pem field from Config #771.

[kazk]

Headers should be marked as sensitive already.

Basic/Bearer:

https://github.com/kube-rs/kube-rs/blob/6b23251c9c39097e9a950a7059e39c39755d1b6a/kube-client/src/client/config_ext.rs#L172-L177

Refreshable Token with exec:
https://github.com/kube-rs/kube-rs/blob/303a000bf7eadaad4d3a6ddbf3030d15b4daa193/kube-client/src/client/auth/mod.rs#L126-L128

Refreshable Token with OAuth:
https://github.com/kube-rs/kube-rs/blob/303a000bf7eadaad4d3a6ddbf3030d15b4daa193/kube-client/src/client/auth/mod.rs#L136-L138

[clux]

Double checking in file_config looks all fortified to me now.

We must have forgotten to close this 😄