This repository has been archived by the owner on May 23, 2023. It is now read-only.
Composition functions container exposes secrets in the debug logs #32
Labels
bug
Something isn't working
Description
The composite functions container exposes the contents of the secrets it manages. This is a potential security issue and should be avoided.
All sensitive data should be masked in the logs.
Additional Context
The debug log will print out the complete content of a managed resource. If this is a secret, it will also print out the whole secret and its content and therefore reveal any secrets.
Logs
No response
Expected Behavior
Log files don't expose any sensitive data
Steps To Reproduce
1. Create new postgresql instance
2. Watch the logs of the crossplane sidecar: `kubectl -n syn-crossplane logs -f <crossplane_pod_name> -c crossplane-xfc`
3. You will see the content of the connection secret including the PSQL password.
Versions
v1.24.12
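As an added example (not code from this repository or from Crossplane), here is one way a component that logs managed resources could mask Secret values before writing them to the debug log. It works on the JSON form of the object using only the Go standard library; the helper name `redactForLog`, the key names and the sample secret are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

const redacted = "***REDACTED***"

// redactForLog (hypothetical helper) returns a JSON rendering of a Kubernetes
// object that is safe to write to a debug log. For kind Secret, every value
// under data and stringData is replaced; key names and metadata are kept so
// the log line stays useful for debugging.
func redactForLog(raw []byte) (string, error) {
	var obj map[string]any
	if err := json.Unmarshal(raw, &obj); err != nil {
		// Never fall back to logging the raw bytes: they may hold the secret.
		return "", errors.New("unparseable resource, not logged")
	}
	if kind, _ := obj["kind"].(string); kind == "Secret" {
		for _, field := range []string{"data", "stringData"} {
			if values, ok := obj[field].(map[string]any); ok {
				for k := range values {
					values[k] = redacted
				}
			}
		}
	}
	out, err := json.Marshal(obj)
	return string(out), err
}

// Constructed sample: a connection secret like the one described in the issue.
var sampleSecret = []byte(`{"apiVersion":"v1","kind":"Secret",
 "metadata":{"name":"pg-connection","namespace":"example"},
 "data":{"POSTGRESQL_PASSWORD":"c3VwZXJzZWNyZXQ=","POSTGRESQL_USER":"cG9zdGdyZXM="}}`)

func main() {
	line, err := redactForLog(sampleSecret)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("debug: observed resource", line)
}
```

Values under `data` are only base64-encoded, not encrypted, so they have to be masked just like `stringData`.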