github-actionsbot changed the title from "Support SecretStr/SecretBytes or equivalent to avoid password/private key being exposed in failed test" to "SNOW-690680: Support SecretStr/SecretBytes or equivalent to avoid password/private key being exposed in failed test" on Nov 8, 2022
The solution proposed here looks incorrect - pytest does not use pydantic for logging. A simple solution to the issue is to configure pytest to use short stack traces (which disables the parameter dumps) for any server-based runs (--tb=short).
What is the current behavior?
By default pytest will log function parameter values in stack traces.
So when failing to connect to Snowflake (e.g. due to a timeout, network error, etc.), the password is exposed in plain text.
eg:
What is the desired behavior?
Password can be provided as SecretStr, and private key can be provided as SecretBytes (or equivalent). This will ensure their value is obfuscated when printed in a stack trace.
How would this improve snowflake-connector-python?
Make it more secure.
References, Other Background
This feature request is triggered by a recent security incident in which our account admin password was leaked into our CI logs 😬
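The leak described in this issue, and the effect of a masking wrapper, as an added example that is not code from the issue or from snowflake-connector-python. `Secret` and `fake_connect` are hypothetical names, the password is a constructed value, and the standard library's `capture_locals=True` traceback stands in for a test runner's parameter dump; whether the connector accepts such a wrapper type is exactly what the issue requests, not something shown here.

```python
import traceback


class Secret:
    """Hypothetical stand-in for SecretStr/SecretBytes: hides its value from repr/str."""

    __slots__ = ("_value",)

    def __init__(self, value):
        self._value = value

    def reveal(self):
        # The only way to obtain the real value; call it at the point of use.
        return self._value

    def __repr__(self):
        return "Secret('**********')"

    __str__ = __repr__


def fake_connect(user, password):
    """Constructed stand-in for a connect call that fails, e.g. on a timeout."""
    raise TimeoutError("could not reach server")


def traceback_with_locals(password):
    """Return traceback text that includes each frame's argument and local values."""
    try:
        fake_connect(user="ci_user", password=password)
    except TimeoutError as exc:
        # capture_locals=True records repr() of every local in every frame.
        te = traceback.TracebackException.from_exception(exc, capture_locals=True)
        return "".join(te.format())


CONSTRUCTED_PASSWORD = "hunter2-constructed-example"  # constructed sample value

leaky = traceback_with_locals(CONSTRUCTED_PASSWORD)           # plain str argument
masked = traceback_with_locals(Secret(CONSTRUCTED_PASSWORD))  # wrapped argument

if __name__ == "__main__":
    print(masked)
```

The wrapper only protects places that call `repr()` or `str()` on the object; once `reveal()` is called and the plain string is bound to a local, that frame dumps it again.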