[bitnami/etcd] Root password is logged at the startup of etcd pods

[jb-abbadie]

Name and Version

bitnami/etcd 9.14.2

What architecture are you using?

amd64

What steps will reproduce the bug?

1. $ helm install etcd oci://registry-1.docker.io/bitnamicharts/etcd --version 9.14.2 --set auth.rbac.rootPassword=fakepassword
2. Wait for pod etcd-0 to be created
3. $ kubectl logs etcd-0 | grep fakepassword
4. Observe the root password in the logs

Are you using any custom parameters or values?

Only parameter is auth.rbac.rootPassword is set.

This also happens when setting the root password through auth.rbac.existingSecret

What is the expected behavior?

Pod log do not contain the root password

What do you see instead?

The log contain the root password

Additional information

This issue was already fixed in 2020 #1909 but seems to have been reintroduced since.

The fix probably involves adding the command unset ETCD_ROOT_PASSWORD before the startup of the etcd process.
This script is in https://github.com/bitnami/containers/blob/main/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/run.sh , I can file a bug in this repo instead if its easier.

[javsalgar]

Hi!

Thank you so much for reporting. Would you like to submit a PR unsetting the password value before launching etcd?

[jb-abbadie]

I created this PR to fix the issue

[javsalgar]

Thank you so much for the PR! The team will take a look

[jb-abbadie]

Closing since it was fixed and a new version of the chart is released