-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
inputText
: add a way to obscure sensitive text
#1226
Comments
Labelling implemented in #1292 will offer (when released) a workaround that allows you to specify a label in your yaml that should replace the text at the beginning of the first of these log lines (but it won't affect the second 😞) |
I think this can be closed as solved by #1481? |
@Fishbowler Can you give an example of how that PR would address this? Your own previous comment said
implying that you didn't think the PR would fully resolve this. |
Ah, yep, you're 100% correct. This is only half fixed. |
inputText
: add a way to obscure sensitive text
Perhaps instead of adding a new - inputText:
text: Hello World
mask: true |
How would we expect this to interact with the debug JSON outputter? |
Is your feature request related to a problem? Please describe.
Log outputs include all inputText. If a flow includes a login, the resulting maestro.log will expose that password.
Describe the solution you'd like
Perhaps there should be an API:
inputSensitiveText: password
If this is the case, the value of the field should be omitted or censored (XXXXXXXXX) in logging.
For example if I have a sensitive text of value: Password1, I currently input it using this:
maestro test login.yml --env=PASSWORD=Password1
test.yaml
and logging outputs this as:
Perhaps we can update API and logging to look more like this:
test.yaml
and logging outputs this as:
Describe alternatives you've considered
For my usecase, I am using GitHub actions and archiving the resulting failure logs from maestro. As a workaround, I can run some find and replace for any sensitive text before outputting the archive file.
The text was updated successfully, but these errors were encountered: