"mrsk config" exposes env secrets #96
Comments
kjellberg
changed the title
|
Happy to see redact or similar applies to mrsk config, but the keys should be listed there. |
|
So something like |
|
Yes, all env inputs are meant to be listed. But we can add redacting. |
|
Fixed in #182 |
ncreuschling
pushed a commit
to ncreuschling/mrsk
that referenced
this issue
Apr 12, 2023
* `-e [REDACTED]` → `-e SOME_SECRET=[REDACTED]` * Replaces `Utils.redact` with `Utils.sensitive` to clarify that we're indicating redactability, not actually performing redaction. * Redacts from YAML output, including `mrsk config` (fixes basecamp#96)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There will be cases when a user is asked to copy the output of
mrsk configfor debugging. Currently it's a bad idea since all secrets are exposed inenv_args, which also makes the following statement in README false:Marking an ENV as secret currently only redacts its value in the output for MRSK.The text was updated successfully, but these errors were encountered: