-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm upgrade output message can contain sensitive data on error #11727
Comments
bug? It is useful for helm to display what is failing of course. But potentially outputting creds might need to be fixed (somehow)? |
Maybe a flag to mask values in-case of an error? |
I'm mostly sure this comes from the Kubernetes library. If I have any time this week I was hoping to hunt it down. |
This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs. |
This issue can cause to data leak of credentials. |
Output of
helm version
: v3.7.1Output of
kubectl version
: v1.21.2In case helm upgrade fails its usually print the error message, the message can include sensitive data such as secrets or passwords.
I’m facing with an issue when one of the deployment parameters contains invalid certificate, this cause to an error and though helm printed the full error to the screen, including the json value which contains several secret keys. The output usually printed to external applications which other users has access as well.
Trying to execute helm upgrade and write the output to file nor dev/null wasn’t helpful, it’s still printed to the screen, this probably since the error occurs during runtime.
Also execute helm upgrade with dry-run didn’t help, since dry-run passed (dry-run doesn’t validate the certificate)
Can we control the output message, or any suggestion how to overcome such behavior?
See below and example (off course secrets masked)
Ill appreciate your insights.
Regards,
Shalom
The text was updated successfully, but these errors were encountered: