Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Task needed to expose secret values from the Azure key vault that are shorter than N characters #17437

Open
StingyJack opened this issue Dec 7, 2022 · 5 comments

Comments

@StingyJack
Copy link

Question, Bug, or Feature?
Type: Question

Environment

Hosted agent in AzDo cloud

Issue Description

Apparently there is a need to directly expose secret values retrieved from the Azure Key Vault task that are shorter than some configurable number of characters.

Task logs

Specifically these secret values would be visible in the logs. Therein lies the problem, as secret values (along with non-secret values) are intentionally masked in the logs.

The question is :
How can I expose secrets via task log so they wont get masked?

Full Disclosure - I dont think this is a good idea, and I dont want secrets to be directly exposed in the logs. Secrets should stay secret, but due to the way the masking is applied there are some secret values that can be deduced. The solution proposed for this is currently to not mask secret values that are shorter than N characters, which directly exposes the secret values rather than indirectly deducing them. I have tried to get those making the changes to recognize this fix is worse than the current situation but they dont respond via the issue, the PR, or the support case that is open, so I'm trying an issue in a related repo to get someone outside of that team to halt the security mistake being made. Also the solution does not meet the requirements.

@StingyJack
Copy link
Author

The GitHub actions bot has added a question label, which is inappropriate.

@github-actions
Copy link

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

@github-actions github-actions bot added the stale label Aug 22, 2023
@StingyJack
Copy link
Author

The issue isn't stale.

@github-actions github-actions bot removed the stale label Aug 24, 2023
Copy link

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

@github-actions github-actions bot added the stale label Feb 20, 2024
@StingyJack
Copy link
Author

Remove the stale label or comment on the issue otherwise this will be closed in 5 days

I did comment. Stop treating it as stale.

@github-actions github-actions bot removed the stale label Feb 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant