I noticed gatekeeper logs the GitHub client secret, as well as the users' codes and tokens, to console output.
That is a security issue in settings where one doesn't control the log output / server env.
For example, zeit's now.sh seems to show the logs publicly on their public plan. There the logging would quickly become a major security issue.
(Otherwise deploying gatekeeper to now.sh would be a great option imo)
I could send a PR with sanitized log output, if you are interested in that. Please let me know.
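
One way log output like this could be sanitized, as an added example that is not part of the original post and is not gatekeeper's own code. The field names in `NAMES`, the `sanitize` and `safeLog` helpers, and all sample values are assumptions constructed for illustration.

```javascript
// Hypothetical field names that may carry OAuth secrets (an assumption, adjust to the app).
const NAMES = ['oauth_client_secret', 'client_secret', 'access_token',
               'refresh_token', 'code', 'token'];
const REDACTED = '[redacted]';

// Matches an object key that is exactly one of the sensitive names.
const KEY_RE = new RegExp(`^(${NAMES.join('|')})$`, 'i');
// Matches name=value pairs inside strings (query strings, form-encoded bodies).
const PAIR_RE = new RegExp(`\\b(${NAMES.join('|')})=([^&\\s"']+)`, 'gi');

// Replace the value of every sensitive name=value pair found in a string.
function redactString(str) {
  return str.replace(PAIR_RE, (_match, name) => `${name}=${REDACTED}`);
}

// Return a deep copy of `value` with secrets removed; the input is not mutated.
function sanitize(value, key = '') {
  if (KEY_RE.test(key)) return REDACTED;               // whole value is a secret
  if (typeof value === 'string') return redactString(value);
  if (Array.isArray(value)) return value.map((v) => sanitize(v));
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, sanitize(v, k)])
    );
  }
  return value;                                         // numbers, booleans, null
}

// Drop-in wrapper: every argument is sanitized before it reaches the console.
function safeLog(...args) {
  console.log(...args.map((a) => sanitize(a)));
}

// Constructed sample values, not real credentials.
safeLog('config:', { oauth_client_id: 'id-constructed',
                     oauth_client_secret: 'secret-constructed' });
safeLog('token response:', 'access_token=tok-constructed&scope=repo&token_type=bearer');
```

Redacting at the logging call keeps the secrets out of any sink the console output is forwarded to, including hosted log viewers the operator does not control.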