m-lab / alertmanager-github-receiver

Prometheus Alertmanager webhook receiver that creates GitHub issues from alerts
Apache License 2.0

Stop logging secret values passed as arguments #64

Open findmyname666 opened 1 year ago

findmyname666 commented 1 year ago

Please stop logging authentication creds / tokens passed as arguments or environment variables. Example from the beginning of the log:

2023/10/13 10:52:10 Argument alert-template-file=
Alertmanager URL: {{.Data.ExternalURL}}
{{range .Data.Alerts}}
  * {{.Status}} {{.GeneratorURL}}
  {{if .Labels}}
    Labels:
  {{- end}}
  {{range $key, $value := .Labels}}
    - {{$key}} = {{$value -}}
  {{end}}
  {{if .Annotations}}
    Annotations:
  {{- end}}
  {{range $key, $value := .Annotations}}
    - {{$key}} = {{$value -}}
  {{end}}
{{end}}

TODO: add graph url from annotations.

2023/10/13 10:52:10 Argument alertlabel=alert:boom:
2023/10/13 10:52:10 Argument authtoken=github_reducted_
2023/10/13 10:52:10 Argument authtoken-file=

Looking at the code, we could use the function ArgsFromEnvWithLog(f, false) instead of ArgsFromEnv in the main function.
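
An alternative to turning the startup log off entirely is to keep it and mask only credential-bearing flags. The sketch below is an added example, not code from this issue or from the project: it uses only the Go standard library, and the helper names, the list of sensitive name fragments and the sample token are assumptions.

```go
package main

import (
	"flag"
	"fmt"
	"strings"
)

// Name fragments treated as secret (an assumption; tune per project).
var sensitive = []string{"token", "secret", "password", "key"}

// isSensitive reports whether a flag's value should be hidden. Flags ending
// in "-file" carry a path rather than the credential, so they stay visible.
func isSensitive(name string) bool {
	n := strings.ToLower(name)
	for _, s := range sensitive {
		if strings.Contains(n, s) && !strings.HasSuffix(n, "-file") {
			return true
		}
	}
	return false
}

// argsFromEnvRedacted (hypothetical helper) sets each flag from its environment
// variable and returns the startup log lines with sensitive values masked.
func argsFromEnvRedacted(fs *flag.FlagSet, getenv func(string) (string, bool)) (lines []string, err error) {
	fs.VisitAll(func(f *flag.Flag) {
		env := strings.ToUpper(strings.ReplaceAll(f.Name, "-", "_")) // authtoken-file -> AUTHTOKEN_FILE
		if v, ok := getenv(env); ok {
			if e := fs.Set(f.Name, v); e != nil && err == nil {
				err = fmt.Errorf("flag %s from %s: invalid value", f.Name, env) // names only, never the value
			}
		}
		shown := f.Value.String()
		if isSensitive(f.Name) && shown != "" {
			shown = "[REDACTED]"
		}
		lines = append(lines, fmt.Sprintf("Argument %s=%s", f.Name, shown))
	})
	return lines, err
}

func main() {
	fs := flag.NewFlagSet("demo", flag.ContinueOnError)
	fs.String("authtoken", "", "GitHub token")
	fs.String("alertlabel", "alert:boom:", "issue label")
	// Constructed environment for the demo; a real program would pass os.LookupEnv.
	getenv := func(k string) (string, bool) { return "constructed-sample-token", k == "AUTHTOKEN" }
	lines, _ := argsFromEnvRedacted(fs, getenv)
	fmt.Println(strings.Join(lines, "\n"))
}
```

An unset secret flag still prints as empty, so the log continues to show whether a token was supplied without revealing it.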