Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Echoing DB_URL environment variable may leak secrets #1667

Closed
masenf opened this issue Aug 23, 2023 · 3 comments
Closed

Echoing DB_URL environment variable may leak secrets #1667

masenf opened this issue Aug 23, 2023 · 3 comments
Assignees
@shashank40
Labels
enhancement Anything you want improved good first issue Good for newcomers

Comments

@masenf
Copy link
Collaborator

masenf commented Aug 23, 2023

Describe the bug
In reflex-0.2.5, overriding the config with environment variables logs a message to the console containing the value. Since the DB_URL likely contains the database credentials, it shouldn't be echoed to the logs.

To Reproduce

DB_URL=postgresql+psycopg2://postgres:secret@db/postgres reflex run
Info: Overriding config value db_url with env var DB_URL=postgresql+psycopg2://postgres:secret@db/postgres

Specifics (please complete the following information):

  • Python Version: 3.11.4
  • Reflex Version: 0.2.5
  • OS: -
  • Browser (Optional): -
@masenf masenf added enhancement Anything you want improved good first issue Good for newcomers labels Aug 23, 2023
@shashank40
Copy link
Contributor

Picking this up

@masenf
Copy link
Collaborator Author

masenf commented Aug 23, 2023

Thank you 🙏

@shashank40 shashank40 mentioned this issue Aug 25, 2023
Merged
@shashank40
Copy link
Contributor

Can this be reviewed?
#1681

@masenf masenf closed this as completed Aug 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shashank40 shashank40

Labels
enhancement Anything you want improved good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@masenf @shashank40