Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) #5315

mcasperson · 2019-02-19T23:08:37Z

Sensitive Terraform output variables are saved and exposed as regular variables, and printed in the logs.

For example, if you deploy the following Terraform template:

{"output":{"test":{"sensitive": true, "value": "hi"}}}

The value hi would appear in the logs.

The text was updated successfully, but these errors were encountered:

mcasperson · 2019-02-19T23:10:52Z

Sensitive variables are now masked in the logs and saved as Octopus sensitive variables.

lock · 2019-05-21T04:01:27Z

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

mcasperson self-assigned this Feb 19, 2019

mcasperson closed this as completed Feb 19, 2019

mcasperson added this to the 2019.1.8 milestone Feb 19, 2019

mcasperson changed the title ~~Save terraform sensitive values as Octopus sensitive values~~ Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) Feb 20, 2019

lock bot locked as resolved and limited conversation to collaborators May 21, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) #5315

Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) #5315

mcasperson commented Feb 19, 2019

mcasperson commented Feb 19, 2019

lock bot commented May 21, 2019

Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) #5315

Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) #5315

Comments

mcasperson commented Feb 19, 2019

mcasperson commented Feb 19, 2019

lock bot commented May 21, 2019