Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: do not log encoded secrets #596

Merged
merged 1 commit into from
Jan 13, 2025
Merged

fix: do not log encoded secrets #596

merged 1 commit into from
Jan 13, 2025

Conversation

dariuszd21
Copy link
Contributor

@dariuszd21 dariuszd21 commented Dec 13, 2024
edited
Loading

  • Have you followed the guidelines for contributing?
  • Have you signed the CLA?
  • Have you successfully run tox?

Encoded secrets leak in the logs of the host instance, when managed instance is about to run. If additionally subsequent process fails, value is printed again in the failure traceback.
As they're only encoded not encrypted we should take a precautions and hide those values from the user.

@codecov Codecov
Copy link

codecov bot commented Dec 13, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (hotfix/4.8@96f17af). Learn more about missing BASE report.

Additional details and impacted files 
@@              Coverage Diff              @@
##             hotfix/4.8     #596   +/-   ##
=============================================
  Coverage              ?   90.39%           
=============================================
  Files                 ?       66           
  Lines                 ?     3989           
  Branches              ?      454           
=============================================
  Hits                  ?     3606           
  Misses                ?      295           
  Partials              ?       88

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dariuszd21 dariuszd21 force-pushed the work/mark-craft-secrets-value branch 3 times, most recently from 27ca53e to f6b1f87 Compare December 13, 2024 17:00
@dariuszd21 dariuszd21 force-pushed the work/mark-craft-secrets-value branch 2 times, most recently from edcfa2b to 19faa83 Compare December 13, 2024 17:21
@dariuszd21 dariuszd21 requested a review from a team December 13, 2024 20:10
@dariuszd21 dariuszd21 marked this pull request as ready for review December 13, 2024 20:10
mattculler
mattculler approved these changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@mattculler mattculler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed with Alex that this should be 4.6.1, but otherwise looks good.

@lengau lengau changed the base branch from main to hotfix/4.6 December 17, 2024 21:22
@lengau lengau requested a review from medubelko December 17, 2024 21:23
lengau
lengau approved these changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@lengau lengau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since @mattculler agrees I've gone ahead and re-targeted this at the 4.6 hotfix branch. I can celease as soon as @medubelko approves the changelog.

@dariuszd21 dariuszd21 force-pushed the work/mark-craft-secrets-value branch 2 times, most recently from a387d4c to 38d3a8c Compare January 8, 2025 22:18
@dariuszd21
Copy link
Contributor Author

dariuszd21 commented Jan 8, 2025
edited
Loading

I've rebased it on the top of 4.7.0 release, but we need to create hotfix/4.7 to land it

@dariuszd21 dariuszd21 force-pushed the work/mark-craft-secrets-value branch 2 times, most recently from bacee16 to 0f0fae7 Compare January 8, 2025 22:20
@dariuszd21
fix: do not log encoded secrets
cc644d1 
Signed-off-by: Dariusz Duda <dariusz.duda@canonical.com>
@dariuszd21 dariuszd21 force-pushed the work/mark-craft-secrets-value branch from 0f0fae7 to cc644d1 Compare January 13, 2025 20:44
@dariuszd21 dariuszd21 changed the base branch from hotfix/4.6 to main January 13, 2025 20:45
@lengau lengau changed the base branch from main to hotfix/4.8 January 13, 2025 21:23
@lengau lengau merged commit e958464 into canonical:hotfix/4.8 Jan 13, 2025
11 of 12 checks passed
@dariuszd21 dariuszd21 deleted the work/mark-craft-secrets-value branch January 14, 2025 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattculler mattculler mattculler approved these changes

@medubelko medubelko medubelko approved these changes

@lengau lengau lengau approved these changes

Assignees
No one assigned
Labels
squash
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dariuszd21 @lengau @medubelko @mattculler