-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_storage_account reveals sensitive data in console #1239
Comments
Thanks again for noticing this 🙂 I looked for this problem in other resources and discovered it in over 20 other resources 😅 I have just opened a PR (#1242) that will resolve all the ones I found in v1.6.0. |
Hey @subesokun, Just wanted to let you know we have released v1.6.0 of the provider fixing this leakage of sensitive info. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
Community Note
Terraform Version
Terraform v0.11.7
provider.azurerm: version = "~> 1.4"
Affected Resource(s)
Expected Behavior
While creating or applying an execution plan no sensitive data should be printed into the console logs. This is very important in case TF is running as part of a CI/CD pipeline.
Actual Behavior
If TF detects a change on a
azurerm_storage_account
resource and needs to recreate it then sensitive data such as theprimary access key
for the current active storage accounts gets printed in clear text into the console. This is very critical if your CI/CD pipeline just performed the planning step but did not execute yet the plan as in our case sometimes a manual approval is required before we allow the execution of the plan. As the current activeprimary access key
gets revealed anybody with access to the console logs is now able to infiltrate the storage account.List of attributes that should be marked as sensitive to avoid this issue:
Steps to Reproduce
terraform apply
terraform plan
The text was updated successfully, but these errors were encountered: