hitachienergy / epiphany

Cloud and on-premises automation for Kubernetes centered industrial grade solutions.
Apache License 2.0

Add filtering mechanism for the sensitive data (#3207) #3208

Closed sbbroot closed 2 years ago

seriva commented 2 years ago

@to-bar I think this filter should cover everything. I went quickly through the defaults, and besides cloud and ...password... I don't think anything more is there. Or maybe you know something more :)

@sbbroot Maybe we can also apply this to the dump_debug_info function in epicli.py:

Would be nice to kill 2 birds with one stone.

to-bar commented 2 years ago

> @to-bar I think this filter should cover everything. I went quickly through the defaults, and besides cloud and ...password... I don't think anything more is there. Or maybe you know something more :)

I have grepped the schema subdir using the secret pattern. Found some keys, but by default they are commented out, e.g.:

  - name: rabbitmq
    #image_pull_secret_name: regcred # optional
#  image_registry_secrets:
#  - email: emaul@domain.com
#    name: secretname
#    namespace: default
#    password: docker-registry-pwd
#    server_url: docker-registry-url
#    username: docker-registry-user

Maybe emails should also be filtered out?

#     - name: 'opsgenie'
#       opsgenie_config:
#         api_key: <secret> | default = global.opsgenie_api_key
#         api_url: <string> | default = global.opsgenie_api_url
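
An added example, not code from this PR or from Epiphany: one way to filter a parsed config document before it is logged, assuming the key patterns `password`, `secret` and `api_key` plus an email pattern for values, as raised in the comments above. The names `redact`, `SENSITIVE_KEY`, `EMAIL`, `MASK` and the sample document are hypothetical.

```python
import re

# Assumed key patterns, taken from the keys mentioned in this thread.
SENSITIVE_KEY = re.compile(r"password|secret|api_key", re.IGNORECASE)
# Simple email matcher for string values (assumption: adequate for log scrubbing).
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MASK = "******"


def redact(node, force=False):
    """Return a redacted copy of parsed YAML (dicts, lists, scalars).

    force=True means an ancestor key was sensitive, so every leaf below
    it is masked (fail closed for blocks like image_registry_secrets).
    """
    if isinstance(node, dict):
        return {k: redact(v, force or bool(SENSITIVE_KEY.search(str(k))))
                for k, v in node.items()}
    if isinstance(node, (list, tuple)):
        return [redact(item, force) for item in node]
    if force and node is not None:
        return MASK
    if isinstance(node, str):
        return EMAIL.sub(MASK, node)  # emails under non-sensitive keys
    return node


# Constructed sample, shaped like the commented-out defaults quoted above.
SAMPLE = {
    "specification": {
        "admin_password": "PASSWORD_TO_CHANGE",
        "contact": "ops team <admin@example.com>",
        "image_pull_secret_name": "regcred",
        "image_registry_secrets": [{
            "email": "user@example.com",
            "name": "secretname",
            "password": "docker-registry-pwd",
            "server_url": "docker-registry-url",
        }],
        "receivers": [{"name": "opsgenie",
                       "opsgenie_config": {"api_key": "constructed-key",
                                           "api_url": "https://api.example.com"}}],
        "replicas": 3,
    }
}

if __name__ == "__main__":
    import json
    print(json.dumps(redact(SAMPLE), indent=2))
```

Substring matching on key names over-masks reference fields such as `image_pull_secret_name`, which is the safer failure direction for log output.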

seriva commented 2 years ago

> @to-bar I think this filter should cover everything. I went quickly through the defaults, and besides cloud and ...password... I don't think anything more is there. Or maybe you know something more :)
>
> @sbbroot Maybe we can also apply this to the dump_debug_info function in epicli.py:
>
> Would be nice to kill 2 birds with one stone.

As discussed with @sbbroot, let's defer this to a separate issue, as this is not entirely related to this issue. @sbbroot pls create it :)

przemyslavic commented 2 years ago

/azp run

azure-pipelines[bot] commented 2 years ago

Pull request contains merge conflicts.

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication

przemyslavic commented 2 years ago

/azp run

azure-pipelines[bot] commented 2 years ago

Azure Pipelines successfully started running 2 pipeline(s).