Closed bbgobie closed 4 years ago
I'm not sure if this is only if there's an error while mounting, but in my logs I'm seeing log entries like this.
I believe as a best practice the secret should not be logged in plain text like this.
/etc/kubernetes/volumeplugins/azure~kv/azurekeyvault-flexvolume -logtostderr=1 -vaultName=abc -vaultObjectNames=abc -vaultObjectAliases=abc-resourceGroup=abc -dir=/var/lib/kubelet/pods/7b42de67-d48b-11e9-8102-7e6b463ee4ce/volumes/azure~kv/test -subscriptionId=abc -cloudName= -tenantId=abc -aADClientSecret=SECRETHERE -aADClientID=abc -usePodIdentity=false -podNamespace=abc -podName=nginx-flex-kv -vaultObjectVersions= -vaultObjectTypes=secret
Thanks for reporting this issue. Will fix this soon!
I'm not sure if this is only if there's an error while mounting, but in my logs I'm seeing log entries like this.
I believe as a best practice the secret should not be logged in plain text like this.
/etc/kubernetes/volumeplugins/azure~kv/azurekeyvault-flexvolume -logtostderr=1 -vaultName=abc -vaultObjectNames=abc -vaultObjectAliases=abc-resourceGroup=abc -dir=/var/lib/kubelet/pods/7b42de67-d48b-11e9-8102-7e6b463ee4ce/volumes/azure~kv/test -subscriptionId=abc -cloudName= -tenantId=abc -aADClientSecret=SECRETHERE -aADClientID=abc -usePodIdentity=false -podNamespace=abc -podName=nginx-flex-kv -vaultObjectVersions= -vaultObjectTypes=secret