Skip to content
This repository has been archived by the owner on Nov 18, 2020. It is now read-only.

Environment variables should not be logged #15

Closed
ashtttt opened this issue May 19, 2020 · 1 comment
Closed

Environment variables should not be logged #15

ashtttt opened this issue May 19, 2020 · 1 comment
Labels
enhancement
Milestone
3.1.0

Comments

@ashtttt
Copy link

ashtttt commented May 19, 2020

When a configured environment variable is not set, the library is printing out a warning stating the same, which is good, but in the log message it is also printing out all the environment variables which could be dangerous as some environment variables might have sensitive data like passwords. These logs could get shipped out to a log collector (like splunk) which can be viewed by the entire organization (at least in our case).

  @EnvironmentVariable("ENVIRONMENT")
  private String environment;

And logs are like,

WARNING [org.jeasy.props.processors.EnvironmentVariableAnnotationProcessor processAnnotation] - Environment variable 'ENVIRONMENT' on field 'environment' of type 'com.test..Config' not found in environment variables: [all the env vars]
@fmbenhassine fmbenhassine added this to the 3.1.0 milestone Jun 7, 2020
@fmbenhassine fmbenhassine changed the title All Environment variables are being printed in logs Environment variables should not be logged Jun 7, 2020
@fmbenhassine
Copy link
Member

fmbenhassine commented Jun 7, 2020
edited
Loading

Makes sense, even though I would not put sensitive data in clear text in environment variables. Fixed in 2df02e8. Thank you for raising this!

@fmbenhassine fmbenhassine mentioned this issue Jun 7, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
3.1.0
Development

No branches or pull requests
2 participants
@fmbenhassine @ashtttt