crossplane-contrib / provider-jet-aws

AWS Provider for Crossplane that is built with Terrajet.
https://crossplane.io
Apache License 2.0

leaking security-credentials in debug like access_key, secret_key #219

Closed haarchri closed 2 years ago

haarchri commented 2 years ago

What happened?

Did we have a use case where we are leaking security credentials in the debug log, like access_key and secret_key? The problem is that these logs are scraped by the monitoring stack - for static credentials it's very bad ...

```
{\"filename\":\"main.tf.json\",\"start\":{\"line\":1,\"column\":1289,\"byte\":1288},\"end\":{\"line\":1,\"column\":1290,\"byte\":1289}},\"snippet\":{\"context\":\"resource.aws_security_group_rule.test-access\",\"code\":\"{\\\"provider\\\":{\\\"aws\\\":{\\\"access_key\\\":\\\"XXXXXXXXXXXXXXXXXXXXX\\\",\\\"region\\\":\\\"eu-central-1\\\",\\\"secret_key\\\":\\\"XXXXXXXXXXXXXXXXXXXXX=\\\"}},\\\"resource\\\":{\\\"aws_security_group_rule\\\":{\\\"test\\\":{\\\"cidr_blocks\\\":[\\\"10.0.0.0/8\\\",\\\"192.168.1.1/32\\\",\\\"192.168.2.2/32\\\",\\\"192.168.3.3/32\\\"],\\\"description\\\":\\\"test-access\\\",\\\"from_port\\\":443,\\\"lifecycle\\\":{\\\"prevent_destroy\\\":true},\\\"protocol\\\":\\\"tcp\\\",\\\"security_group_id\\\":\\\"sg-123456789xxx\\\",\\\"to_port\\\":443,\\\"type\\\":\\\"ingress\\\"}}},\\\"terraform\\\":{\\\"required_providers\\\":{\\\"aws\\\":{\\\"source\\\":\\\"hashicorp/aws\\\",\\\"version\\\":\\\"3.56.0\\\"}}}}\",\"start_line\":1,\"highlight_start_offset\":1288,\"highlight_end_offset\":1289,\"values\":[]}},\"type\":\"diagnostic\"}\n"}
```

How can we reproduce it?

What environment did it happen in?

Crossplane version:

muvaf commented 2 years ago

@haarchri This is seen only in debug mode, right? Have you seen it when you run the provider without the `--debug` flag?
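
One way to keep these fields out of scraped logs, as an added example (not code from provider-jet-aws or Terrajet): a Go `io.Writer` wrapper that masks `access_key` and `secret_key` values at any JSON escaping depth before an entry reaches the log sink. `Redact`, `RedactingWriter` and the sample line are hypothetical names and constructed data; it assumes one log entry per `Write` call and credential values without quotes or backslashes.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"regexp"
)

// credField matches "access_key":"<value>" (keys taken from the issue's log
// line) at any JSON nesting depth, i.e. with any number of backslashes in
// front of each quote: ", \", \\\", ...
// Assumption: the value contains no quote or backslash, which holds for
// AWS access key IDs and secret access keys.
var credField = regexp.MustCompile(`(\\*"(?:access_key|secret_key)\\*"\s*:\s*\\*")[^"\\]*`)

// Redact masks credential values and reports how many fields were masked,
// so callers can also alert on (and rotate) anything that got this far.
func Redact(line string) (string, int) {
	n := len(credField.FindAllStringIndex(line, -1))
	return credField.ReplaceAllString(line, "${1}REDACTED"), n
}

// RedactingWriter wraps a log sink and scrubs each entry before writing it.
// Assumption: the logger hands over one complete entry per Write call.
type RedactingWriter struct {
	Out  io.Writer
	Hits int
}

func (w *RedactingWriter) Write(p []byte) (int, error) {
	clean, n := Redact(string(p))
	w.Hits += n
	if _, err := io.WriteString(w.Out, clean); err != nil {
		return 0, err
	}
	return len(p), nil // report the caller's byte count, per the io.Writer contract
}

// Constructed sample, shaped like the issue's log line, with placeholder values.
const sample = `{"msg":"{\"code\":\"{\\\"provider\\\":{\\\"aws\\\":{\\\"access_key\\\":\\\"EXAMPLEKEYID\\\",\\\"region\\\":\\\"eu-central-1\\\",\\\"secret_key\\\":\\\"example/SECRET+value=\\\"}}}\"}"}` + "\n"

func main() {
	w := &RedactingWriter{Out: os.Stdout}
	fmt.Fprint(w, sample)
	fmt.Fprintf(os.Stderr, "masked %d credential field(s)\n", w.Hits)
}
```

A non-zero `Hits` count means a credential reached the logging path, which is worth alerting on even though the value was masked.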