Closed videlov closed 4 years ago
HI @videlov The latest release v29.0.0 has removed the credentials from error message. Please check it.
The Issue can be closed from our side. We validated that no secrets are leaked anymore. We provoked an error by referencing an invalid vm_type with the old and the new version.
Thanks for following up so quickly!
Best regards, @FlorianNachtigall , @beckermax
When cpi methods (e.g.,
create_vm
) fail, the cpi returns an error which wraps the full context including certificates and passwords. The cpi must not reveal any credentials in the error response. We found that the whole context is also written into logs, these must also redacted./cc @s4heid @friegger