Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/etcd] Root password is printed to logs in clear text #1901

Closed
turkenh opened this issue Feb 10, 2020 · 6 comments · Fixed by #1909
Closed

[bitnami/etcd] Root password is printed to logs in clear text #1901

turkenh opened this issue Feb 10, 2020 · 6 comments · Fixed by #1909

Comments

@turkenh
Copy link
Contributor

turkenh commented Feb 10, 2020

Which chart:

etcd - 4.4.11

Description

Root password of ETCD is printed to pod logs.

Steps to reproduce the issue:

  1. Deploy etcd helm chart with production values (didn't check if issue happens or not with default values.yaml)
  2. Check logs of any etcd pod.

2020-02-10 12:45:54.277976 W | pkg/flags: unrecognized environment variable ETCD_ROOT_PASSWORD=fFKT5yYerv

Describe the results you received:

Root password is printed to logs in clear text

Describe the results you expected:

Password should never printed to logs.

Additional information you deem important (e.g. issue happens only occasionally):

Version of Helm and Kubernetes:

  • Output of helm version:
version.BuildInfo{Version:"v3.0.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}
  • Output of kubectl version:
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2020-01-14T00:09:19Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
@javsalgar
Copy link
Contributor

Hi,

Just a quick note to let you know that I triggered a release of a container that will fix the issue. Thank you very much for reporting.

@javsalgar
Copy link
Contributor

Hi,

The new container is available. I will now update the chart https://github.com/bitnami/bitnami-docker-etcd/commit/f17ff769b3355bf6fb560eaa18079578eadb6684

@javsalgar
Copy link
Contributor

Done c4f47a0

@turkenh
Copy link
Contributor Author

turkenh commented Feb 11, 2020

Thanks, however, I just tested again with chart version 4.4.13, log is still there:

$ helm ls
NAME        	NAMESPACE  	REVISION	UPDATED                             	STATUS  	CHART                        	APP VERSION
etcd-cluster	etcd-system	1       	2020-02-11 13:18:55.161282 +0300 +03	deployed	etcd-4.4.13                  	3.4.3

$ kubectl get pods etcd-cluster-0 -o yaml |grep 3.4.3-debian-10
    image: docker.io/bitnami/etcd:3.4.3-debian-10-r16
    image: docker.io/bitnami/etcd:3.4.3-debian-10-r16

$ kubectl logs etcd-cluster-0 |grep ROOT_PASS
2020-02-11 10:19:28.229385 W | pkg/flags: unrecognized environment variable ETCD_ROOT_PASSWORD=qwerty123

Am I missing something?

@javsalgar
Copy link
Contributor

Hi,

Just forgot that we override the default command in the chart. I am currently updating the scripts configmap.

@javsalgar javsalgar mentioned this issue Feb 11, 2020
Merged
4 tasks
@javsalgar
Copy link
Contributor

Here is the PR #1909

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[bitnami/etcd] Fix showing ETCD_ROOT_PASSWORD in the logs bitnami/charts
2 participants
@javsalgar @turkenh