(MODULES-8491) Warn about install_options secrets
#147
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@michaeltlombardi it's not a guarantee they will leak - there is some redaction of the arguments passed in. If it is detected they have secrets choco will not show those items. |
jpogran
reviewed
Feb 27, 2019
README.md
Outdated
| @@ -594,6 +594,16 @@ This is the **only** place in Puppet where backslash separators should be used. | |||
| Note that backslashes in double-quoted strings *must* be double-escaped and | |||
| backslashes in single-quoted strings *may* be double-escaped. | |||
|
|
|||
| > **Note on Secrets in `install_options` | |||
There was a problem hiding this comment.
This shouldn't be a markdown quote. Note should have ** before and after
There was a problem hiding this comment.
Changed to **WARNING** about... and dropped block quotes.
|
@ferventcoder altered wording in commit from 'guaranteed' to 'likely' - do you have info on automatic redacting I can point to? |
This commit adds a warning note to the package parameter documentation on `install_options`, clarifying that it is _possible_ that secrets will leak during a debug run and **likely** that they will leak to the Chocolatey log on the machine in any case. The warning further advises users who need to use a secret in their `install_options` to do the following: 1. Never run in debug mode with production credentials. 2. Acquire a C4B license and use the `--package-parameters-sensitive` flag to redact the values from the Chocolatey log.
RandomNoun7
approved these changes
Feb 27, 2019
Merged
chelnak
added a commit
that referenced
this pull request
May 12, 2022
Prior to this commit, there was no guidance in the README that warned users about the risks of passing secrets via install_options. It looks like it existed at some point in the past but was removed when we migrated to an automatically generated REFERENCE.md. This commit adds the original warning back in to the README that was introduced in GH-147.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds a warning note to the package parameter documentation
on
install_options, clarifying that it is possible that secretswill leak during a debug run and guaranteed that they will leak
to the Chocolatey log on the machine in any case.
The warning further advises users who need to use a secret in their
install_optionsto do the following:--package-parameters-sensitiveflag to redact the values from the Chocolatey log.