-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure env vars deployed together with the plain ones as clear text #47
Comments
Just realized I created dup to #42 |
The az cli supports two forms of environment variables for azure container instances. It appears that the github action is grouping both flags together and just treating them all as environment variables. In the taskparameters.ts file it appears that the two flags are being processed independently, but the processes for both is the same.
|
This issue is marked need-to-triage for generating issues report. |
@kanika1894 @prein @dbrooks5 fix should be to use Problem code: aci-deploy/src/taskparameters.ts Lines 154 to 166 in abb2c5f
Potential fix:
|
Fixed by the PR : #51 |
It is fixed in the source ts file, but not in the lib js file, so when using it in Github actions secure environment variables are still passed on as normal environment variables. |
Not sure if I understand what is happening in the following piece:
aci-deploy/lib/taskparameters.js
Line 33 in bcb0a1c
but it looks like the secure is mixed together with insecure?
This can also be observed if I use Terraform
azurerm_container_group
resource to deploy the same container group instance and have bothenvironment_variables
andsecure_environment_variables
defined in both places.For example, if my github workflow goes like this:
And my TF goes like this
resource "azurerm_container_group" "containergroup" {
Then terraform plan will find BAR among clear text variables
One can also confirm the secure env vars are stored as clear text using
az container show
or in the azure portalExample
The text was updated successfully, but these errors were encountered: