Replies: 4 comments 10 replies
-
Definitely. Seems almost like a weakness in JOSDK, IMHO secrets should never be leaked in a log. |
Beta Was this translation helpful? Give feedback.
-
Yep, not on debug level, will issue a fix. |
Beta Was this translation helpful? Give feedback.
-
@csviri SSABasedGenericKubernetesResourceMatcher has the same issue: and it looks like a couple of trace logs as well. |
Beta Was this translation helpful? Give feedback.
-
More generally speaking, maybe we should consider reworking the logging in JOSDK for v5 to align better with observability requirements? |
Beta Was this translation helpful? Give feedback.
-
When the operator is creating a secret it will log at a debug level something like:
2023-07-27 18:31:50,503 DEBUG [io.jav.ope.pro.dep.AbstractDependentResource] (pool-18-thread-1) Creating dependent Secret(apiVersion=v1, data={username=YWRtaW4=, password=OWI0NDliZjM5MTI1NGNlMzg3OWFkNDBkOGYzM2E5MjE=}, immutable=null, kind=Secret, metadata=ObjectMeta(annotations={}, creationTimestamp=null, deletionGracePeriodSeconds=null, deletionTimestamp=null, ...
Should the data / stringData be redacted?
cc @vmuzikar
Beta Was this translation helpful? Give feedback.
All reactions