Closed idavidmcdonald closed 4 years ago
We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.
The labels on this github issue will be updated when the story is started.
hello @petewall we are happily using this resource but are concerned about this secret leak. Do you know if this bug is planned to be fixed? Would you be open to a PR ? thanks!
Hi @marco-m-pix4d ! Thanks for reaching out. Yeah, we'd totally entertain a PR. I'll make sure the CI is in place to test and merge in PRs.
Hi @petewall, please find the proposed PR #24 to solve this issue.
Thank you, @manuel-pix4d. We're doing a bit of cleanup to bring (and keep) dependencies up-to-date, automatically test PRs, etc. We will get your PR tested and merged when that's ready. Thank you for your patience!
Merged #24 (sorry, I typoed the commit message and it says 21). New image now published on Docker Hub as latest (also tagged as version 0.5.2).
Thank you for this contribution!
We used this concourse resource but set the incorrect password for pypi.
We got the following output in Concourse which included various secrets such as the pypi password:
I think we shouldn't be logging out private keys like this.
We also ran this with the correct password and again got our password outputted: