Don't bother trying to hide secrets in values [#34]
While testing this I discovered the secrets are revealed anyway, since the lint/upgrade jobs' debug output includes the command they generated. Might as well make the code a little simpler.
This commit is contained in:
Erin Call
parent
8f7b481934
commit
22aa1df894
13
internal/env/config.go
vendored
13
internal/env/config.go
vendored
|
|
@ -89,12 +89,12 @@ func NewConfig(stdout, stderr io.Writer) (*Config, error) {
|
|||
cfg.Timeout = fmt.Sprintf("%ss", cfg.Timeout)
|
||||
}
|
||||
|
||||
cfg.loadValuesSecrets()
|
||||
|
||||
if cfg.Debug && cfg.Stderr != nil {
|
||||
cfg.logDebug()
|
||||
}
|
||||
|
||||
cfg.loadValuesSecrets()
|
||||
|
||||
cfg.deprecationWarn()
|
||||
|
||||
return &cfg, nil
|
||||
|
|
@ -108,9 +108,6 @@ func (cfg *Config) loadValuesSecrets() {
|
|||
varName = sigils.ReplaceAllString(varName, "")
|
||||
|
||||
if value, ok := os.LookupEnv(varName); ok {
|
||||
if cfg.Debug {
|
||||
fmt.Fprintf(cfg.Stderr, "Replaced $%s with value in environment\n", varName)
|
||||
}
|
||||
return value
|
||||
}
|
||||
|
||||
|
|
@ -120,13 +117,7 @@ func (cfg *Config) loadValuesSecrets() {
|
|||
return ""
|
||||
}
|
||||
|
||||
if cfg.Debug {
|
||||
fmt.Fprintf(cfg.Stderr, "Replacing environment variable references in Values\n")
|
||||
}
|
||||
cfg.Values = findVar.ReplaceAllStringFunc(cfg.Values, replacer)
|
||||
if cfg.Debug {
|
||||
fmt.Fprintf(cfg.Stderr, "Replacing environment variable references in StringValues\n")
|
||||
}
|
||||
cfg.StringValues = findVar.ReplaceAllStringFunc(cfg.StringValues, replacer)
|
||||
}
|
||||
|
||||
|
|
|
|||
11
internal/env/config_test.go
vendored
11
internal/env/config_test.go
vendored
|
|
@ -208,15 +208,8 @@ func (suite *ConfigTestSuite) TestValuesSecretsWithDebugLogging() {
|
|||
_, err := NewConfig(&strings.Builder{}, &stderr)
|
||||
suite.Require().NoError(err)
|
||||
|
||||
// Make a good-faith effort to avoid putting secrets in the log output, but still mention they were found
|
||||
suite.Contains(stderr.String(), "Values:fire=$SECRET_FIRE,water=$SECRET_WATER")
|
||||
suite.Contains(stderr.String(), `
|
||||
Replacing environment variable references in Values
|
||||
Replaced $SECRET_FIRE with value in environment
|
||||
$SECRET_WATER not present in environment, replaced with ""
|
||||
Replacing environment variable references in StringValues
|
||||
Replaced $SECRET_FIRE with value in environment
|
||||
`)
|
||||
suite.Contains(stderr.String(), "Values:fire=Eru_Ilúvatar,water=")
|
||||
suite.Contains(stderr.String(), `$SECRET_WATER not present in environment, replaced with ""`)
|
||||
}
|
||||
|
||||
func (suite *ConfigTestSuite) setenv(key, val string) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue