The tile config leaks the service-account because it's not marked as a credential

cloudfoundry-community / stackdriver-tools

Stackdriver Nozzle for Cloud Foundry Loggregator, Host Monitoring Agents BOSH Release

Apache License 2.0

21 stars 13 forks source link

The tile config leaks the service-account because it's not marked as a credential #250

Open bengtrj opened 5 years ago

bengtrj commented 5 years ago

Context:

Tile version: 2.1.0 (current latest) When exporting the OpsManager state so we can back it up, our automatic credential detector did detect a credential.

    ".properties.service_account": {
      "configurable": true,
      "credential": false, <--this-should-be-true
      "optional": false,
      "type": "text",
      "value": "MANUALLY-REDACTED"
    },

This exposes the service account json and should be avoided.