Tpuljak
commented
5 days ago We can use the secrets-file option of the devcontianer CLI which will mask the env vars in the output.
Open nkkko opened 5 days ago
Tpuljak
commented
5 days ago We can use the secrets-file option of the devcontianer CLI which will mask the env vars in the output.
nkkko
commented
5 days ago This still doesn't eliminate risk if we keep the way things are now?
Tpuljak
commented
5 days ago This still doesn't eliminate risk if we keep the way things are now?
I'm saying that we should implement adding env vars to devcontainers using the secrets-file option as part of this issue. This will eliminate the risk of env vars leaking into the logs.
Now when you create a workspace log that you see while it is created contains all env vars. This is inconvenient as user can accidentally leak the env vars if he is screen sharing/recording or just pasting logs to support.