Mask proxy credentials in log output #9294
mpreu added the "enhancement" and "to triage" labels on Oct 17, 2024
sschuberth added the "cli" label and removed the "to triage" label on Oct 17, 2024
sschuberth added a commit that referenced this issue on Oct 17, 2024:
Do not expose any credentials, e.g. when included in proxy URLs. Fixes #9294. Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
What is the existing functionality and how should it be enhanced?
In version 35.0.0, with log level info, a summary of relevant environment variables is printed:

This includes the proxy variables http_proxy and https_proxy. In case these variables contain credentials for an authenticated proxy, they are printed without any masking.

As proxy variables are a well-known location where credentials can occur, it should be ensured that secrets are masked in every output:
What is the use-case for your enhancement?
Using the logs in CI/CD systems without distributing secrets to all users with read access. Authenticated proxies are a regular occurrence in corporate environments.
Alternatives you have considered
Remove proxy variables completely from environment summary.
Additional context
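One way to mask credentials in proxy variables before an environment summary reaches the log, as an added example that is not part of the original issue or the project's own code. The function names, the mask string and the sample values are assumptions constructed for illustration.

```python
import re

# The issue names http_proxy and https_proxy; names are compared case-insensitively.
PROXY_VARS = {"http_proxy", "https_proxy"}
MASK = "*****"  # assumed mask string, not taken from the project
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")


def mask_url_credentials(value: str) -> str:
    """Replace the userinfo part (user or user:password) of a URL-like value."""
    m = _SCHEME.match(value)
    scheme = m.group(0) if m else ""  # proxy variables are often set without a scheme
    remainder = value[len(scheme):]
    # The authority ends at the first '/', '?' or '#'.
    end = min([i for i in map(remainder.find, "/?#") if i != -1] or [len(remainder)])
    authority, rest = remainder[:end], remainder[end:]
    if "@" not in authority:
        if "@" not in rest:
            return value  # no credentials present
        # Fail closed: an unescaped '/' in a password cut the authority short,
        # so treat everything up to the last '@' as secret.
        authority, rest = remainder, ""
    # Split at the LAST '@' so a password containing '@' is masked in full.
    hostport = authority.rpartition("@")[2]
    return f"{scheme}{MASK}@{hostport}{rest}"


def env_summary(env: dict) -> list:
    """Build the log lines for an environment summary with proxy values masked."""
    lines = []
    for name in sorted(env):
        value = env[name]
        if name.lower() in PROXY_VARS:
            value = mask_url_credentials(value)
        lines.append(f"{name} = {value}")
    return lines


# Constructed sample environment; none of these values come from the issue.
SAMPLE_ENV = {
    "http_proxy": "http://alice:s3cr3t@proxy.example.com:8080",
    "HTTPS_PROXY": "bob:p@ss@proxy.example.com:3128/",
    "no_proxy": "localhost,127.0.0.1",
}

if __name__ == "__main__":
    print("\n".join(env_summary(SAMPLE_ENV)))
```

The fallback branch deliberately over-masks when a path contains "@" but the authority does not, which is the safer failure for log output.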