Closed MiConnell closed 2 months ago
When using an access token stored in an env var to install a package from a private git repo, I see the full access token in the output logs.
environment variable:
DBT_SECRET_GIT_CREDENTIAL = plain_text_secret_key
packages.yml entry:
- git: `"https://{{env_var('DBT_SECRET_GIT_CREDENTIAL')}}@github.com/me/private_pagkage.git"` revision: "v0.0.1-beta"
dbt-core (Redshift) dbt deps output:
dbt deps
18:50:29 Installing https://*****@github.com/me/private_package.git
dbt-sqlserver dbt deps output:
18:50:29 Installing https://plain_text_secret_key@github.com//me/private_package.git
I haven't tested this with environment variables elsewhere but I'm assuming it will happen throughout the project - these should never be logged in plain text.
When using an access token stored in an env var to install a package from a private git repo, I see the full access token in the output logs.
environment variable:
packages.yml entry:
dbt-core (Redshift)
dbt deps
output:dbt-sqlserver
dbt deps
output:I haven't tested this with environment variables elsewhere but I'm assuming it will happen throughout the project - these should never be logged in plain text.