drone-cache expose some secrets in debug mode #140
Labels
bug
Something isn't working
good first issue
Good for newcomers
hacktoberfest
help wanted
Extra attention is needed
Comments
hacktron95
changed the title
|
@hacktron95 Wow 😮 Thanks for catching this. |
kakkoyun
added
bug
|
@kakkoyun if you have a suggested approach, or you doubt something is causing this, |
|
@hacktron95 If could find an obfuscator that would be the easiest. Otherwise, other than blindly logging data we should just manually select what we log. |
|
@hacktron95 Do you still see secrets printed in logs when debug mode is enabled? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Drone prints passed
gcs.json-keysecret in the logs whendebugmode is enabledTo Reproduce
Steps to reproduce the behavior:
v1.1.0, I passedgcs.json-keyas organization secret and enable debug mode.Expected behavior
on debug mode or not, drone should never print a secret, and you will see in the screenshot that drone actually does this, it's only the json-key is printed.
Screenshots
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: