-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"mrsk config" exposes env secrets #96
Comments
kjellberg
changed the title
"mrsk-dev config" exposes env secrets
"mrsk config" exposes env secrets
Mar 9, 2023
Happy to see redact or similar applies to mrsk config, but the keys should be listed there. |
So something like |
Yes, all env inputs are meant to be listed. But we can add redacting. |
Fixed in #182 |
ncreuschling
pushed a commit
to ncreuschling/mrsk
that referenced
this issue
Apr 12, 2023
* `-e [REDACTED]` → `-e SOME_SECRET=[REDACTED]` * Replaces `Utils.redact` with `Utils.sensitive` to clarify that we're indicating redactability, not actually performing redaction. * Redacts from YAML output, including `mrsk config` (fixes basecamp#96)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There will be cases when a user is asked to copy the output of
mrsk config
for debugging. Currently it's a bad idea since all secrets are exposed inenv_args
, which also makes the following statement in README false:Marking an ENV as secret currently only redacts its value in the output for MRSK.
The text was updated successfully, but these errors were encountered: