Closed haarchri closed 2 years ago
did we have a use-case that we leaking security-credentials in debug log like access_key and secret_key ? problem is that these logs scraped by monitoring stack - for static credentials its very bad ...
{\"filename\":\"main.tf.json\",\"start\":{\"line\":1,\"column\":1289,\"byte\":1288},\"end\":{\"line\":1,\"column\":1290,\"byte\":1289}},\"snippet\":{\"context\":\"resource.aws_security_group_rule.test-access\",\"code\":\"{\\\"provider\\\":{\\\"aws\\\":{\\\"access_key\\\":\\\"XXXXXXXXXXXXXXXXXXXXX\\\",\\\"region\\\":\\\"eu-central-1\\\",\\\"secret_key\\\":\\\"XXXXXXXXXXXXXXXXXXXXX=\\\"}},\\\"resource\\\":{\\\"aws_security_group_rule\\\":{\\\"test\\\":{\\\"cidr_blocks\\\":[\\\"10.0.0.0/8\\\",\\\"192.168.1.1/32\\\",\\\"192.168.2.2/32\\\",\\\"192.168.3.3/32\\\"],\\\"description\\\":\\\"test-access\\\",\\\"from_port\\\":443,\\\"lifecycle\\\":{\\\"prevent_destroy\\\":true},\\\"protocol\\\":\\\"tcp\\\",\\\"security_group_id\\\":\\\"sg-123456789xxx\\\",\\\"to_port\\\":443,\\\"type\\\":\\\"ingress\\\"}}},\\\"terraform\\\":{\\\"required_providers\\\":{\\\"aws\\\":{\\\"source\\\":\\\"hashicorp/aws\\\",\\\"version\\\":\\\"3.56.0\\\"}}}}\",\"start_line\":1,\"highlight_start_offset\":1288,\"highlight_end_offset\":1289,\"values\":[]}},\"type\":\"diagnostic\"}\n"}
Crossplane version:
@haarchri This is seen only in debug mode, right? Have you seen it when you run the provider without --debug flag?
--debug
What happened?
did we have a use-case that we leaking security-credentials in debug log like access_key and secret_key ? problem is that these logs scraped by monitoring stack - for static credentials its very bad ...
{\"filename\":\"main.tf.json\",\"start\":{\"line\":1,\"column\":1289,\"byte\":1288},\"end\":{\"line\":1,\"column\":1290,\"byte\":1289}},\"snippet\":{\"context\":\"resource.aws_security_group_rule.test-access\",\"code\":\"{\\\"provider\\\":{\\\"aws\\\":{\\\"access_key\\\":\\\"XXXXXXXXXXXXXXXXXXXXX\\\",\\\"region\\\":\\\"eu-central-1\\\",\\\"secret_key\\\":\\\"XXXXXXXXXXXXXXXXXXXXX=\\\"}},\\\"resource\\\":{\\\"aws_security_group_rule\\\":{\\\"test\\\":{\\\"cidr_blocks\\\":[\\\"10.0.0.0/8\\\",\\\"192.168.1.1/32\\\",\\\"192.168.2.2/32\\\",\\\"192.168.3.3/32\\\"],\\\"description\\\":\\\"test-access\\\",\\\"from_port\\\":443,\\\"lifecycle\\\":{\\\"prevent_destroy\\\":true},\\\"protocol\\\":\\\"tcp\\\",\\\"security_group_id\\\":\\\"sg-123456789xxx\\\",\\\"to_port\\\":443,\\\"type\\\":\\\"ingress\\\"}}},\\\"terraform\\\":{\\\"required_providers\\\":{\\\"aws\\\":{\\\"source\\\":\\\"hashicorp/aws\\\",\\\"version\\\":\\\"3.56.0\\\"}}}}\",\"start_line\":1,\"highlight_start_offset\":1288,\"highlight_end_offset\":1289,\"values\":[]}},\"type\":\"diagnostic\"}\n"}
How can we reproduce it?
What environment did it happen in?
Crossplane version: