feat: check for accidental exposure of secrets #19543
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
rix0rrr
added
the
pr-linter/exempt-integ-test
rix0rrr
changed the title
rix0rrr
changed the title
rix0rrr
added
the
pr-linter/exempt-readme
madeline-k
suggested changes
Apr 2, 2022
packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts
Outdated
Show resolved
Hide resolved
Comment on lines
75
to
77
| function isSecretValue(x: any): x is SecretValue { | ||
| return typeof x === 'object' && x && 'unsafeUnwrap' in x; | ||
| } |
There was a problem hiding this comment.
Should this be a static function on SecretValue?
There was a problem hiding this comment.
Only if we need it in more than one place.
There was a problem hiding this comment.
hmm okay. If we don't put it into SecretValue right now, I think we risk other people re-implementing the same thing in other places.
Co-authored-by: Madeline Kusters <80541297+madeline-k@users.noreply.github.com>
Co-authored-by: Madeline Kusters <80541297+madeline-k@users.noreply.github.com>
Co-authored-by: Madeline Kusters <80541297+madeline-k@users.noreply.github.com>
…huijbers/secret-values
rix0rrr
changed the title
madeline-k
approved these changes
Apr 8, 2022
Comment on lines
75
to
77
| function isSecretValue(x: any): x is SecretValue { | ||
| return typeof x === 'object' && x && 'unsafeUnwrap' in x; | ||
| } |
There was a problem hiding this comment.
hmm okay. If we don't put it into SecretValue right now, I think we risk other people re-implementing the same thing in other places.
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
otaviomacedo
pushed a commit
that referenced
this pull request
Apr 11, 2022
Introduces the following changes to secrets handling: - Deprecate `SecretValue.plainText()` in favor of `SecretValue.unsafePlainText()` to highlight its issues - Introduce `SecretValue.resourceAttribute()` for cases where we know we want to use a value produced at deployment time - Introduce a new feature flag (`@aws-cdk/core:checkSecretUsage`) which, when enabled, will make it impossible to use secrets without explicitly unwrapping them first (`secretValue.unsafeUnwrap`). This prevents people from naively sticking secrets into vulnerable locations like environment variables. - Deprecate `secretsmanager.SecretStringValueBeta1` in favor of just accepting a `SecretValue`. Since this behavior would constitute a breaking change, it will only be enabled if the feature flag `@aws-cdk/core:checkSecretUsage` is turned on. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
StevePotter
pushed a commit
to StevePotter/aws-cdk
that referenced
this pull request
Apr 27, 2022
Introduces the following changes to secrets handling: - Deprecate `SecretValue.plainText()` in favor of `SecretValue.unsafePlainText()` to highlight its issues - Introduce `SecretValue.resourceAttribute()` for cases where we know we want to use a value produced at deployment time - Introduce a new feature flag (`@aws-cdk/core:checkSecretUsage`) which, when enabled, will make it impossible to use secrets without explicitly unwrapping them first (`secretValue.unsafeUnwrap`). This prevents people from naively sticking secrets into vulnerable locations like environment variables. - Deprecate `secretsmanager.SecretStringValueBeta1` in favor of just accepting a `SecretValue`. Since this behavior would constitute a breaking change, it will only be enabled if the feature flag `@aws-cdk/core:checkSecretUsage` is turned on. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduces the following changes to secrets handling:
SecretValue.plainText()in favor ofSecretValue.unsafePlainText()to highlight its issuesSecretValue.resourceAttribute()for cases where we know we want to use a value produced at deployment time@aws-cdk/core:checkSecretUsage) which, when enabled, will make it impossible to use secrets without explicitly unwrapping them first (secretValue.unsafeUnwrap). This prevents people from naively sticking secrets into vulnerable locations like environment variables.secretsmanager.SecretStringValueBeta1in favor of just accepting aSecretValue.Since this behavior would constitute a breaking change, it will only be enabled if the feature flag
@aws-cdk/core:checkSecretUsageis turned on.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license