prose / gatekeeper

Enables client-side applications to dance OAuth with GitHub.
MIT License

Gatekeeper logs secrets/tokens to console #34

Closed kriswep closed 6 years ago

kriswep commented 6 years ago

I noticed gatekeeper logs the GitHub client secret, as well as the user's codes and tokens, to console output.

That is a security issue in settings where one doesn't control the log output / server env.

For example, zeit's now.sh seems to show the logs publicly on their public plan. There the logging would quickly become a major security issue. (Otherwise, deploying gatekeeper to now.sh would be a great option imo.)

I could send a PR with sanitized log output, if you are interested in that. Please let me know.

dereklieu commented 6 years ago

This would be great. I don't think logging the entire config is a good move anyway.
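The thread agrees on sanitized log output but shows none. As an added example (not Gatekeeper's own code), the helper below redacts secrets from a config object and from GitHub's form-encoded token response before anything is printed. The key names (`oauth_client_secret`, `code`, `access_token`) mirror GitHub's OAuth parameters; the matching pattern, `safeLog`, and the sample values are assumptions for illustration.

```javascript
// Added example, not Gatekeeper's own code: redact secrets before anything
// reaches console output. The key pattern is an assumption modelled on
// GitHub's OAuth parameter names (client_secret, code, access_token).
const REDACTED = '[REDACTED]';

// Keys whose values must never be logged: anything ending in "secret",
// "_token" or "password", plus the exact key "code" (the one-time OAuth
// authorization code). "token_type" deliberately does not match.
const SENSITIVE_KEY = /(secret|_token|password)$|^code$/i;

// Returns a deep copy of `value` with sensitive values replaced. The input
// is left untouched so the app can keep using it after logging.
function redact(value, seen = new WeakSet()) {
  if (Array.isArray(value)) {
    return value.map((item) => redact(item, seen));
  }
  if (value !== null && typeof value === 'object') {
    if (seen.has(value)) return '[Circular]';
    seen.add(value);
    const copy = {};
    for (const [key, inner] of Object.entries(value)) {
      copy[key] = SENSITIVE_KEY.test(key) ? REDACTED : redact(inner, seen);
    }
    return copy;
  }
  return value;
}

// GitHub's token endpoint answers with a form-encoded body such as
// "access_token=...&scope=repo&token_type=bearer"; mask it field by field.
// Output is for log lines only, so values are not re-encoded.
function redactFormBody(body) {
  return [...new URLSearchParams(body)]
    .map(([key, val]) => `${key}=${SENSITIVE_KEY.test(key) ? REDACTED : val}`)
    .join('&');
}

// Drop-in replacement for console.log(config) / console.log(tokenResponse).
// Returns the emitted line so callers can check what actually went out.
function safeLog(label, value) {
  const line = `${label}: ${JSON.stringify(redact(value))}`;
  console.log(line);
  return line;
}

// Constructed sample config and token response; not real credentials.
const sampleConfig = {
  oauth_client_id: 'abc123',
  oauth_client_secret: 'do-not-log-me',
  oauth_host: 'github.com',
  oauth_port: 443,
  oauth_path: '/login/oauth/access_token',
};
const sampleTokenBody = 'access_token=gho_example&scope=repo&token_type=bearer';

safeLog('config', sampleConfig);
console.log(redactFormBody(sampleTokenBody));
```

Redaction by key name is a second line of defence, not the fix: it misses secrets embedded in free-form strings such as error messages or URLs, so the stronger change is to stop logging the config and the token exchange altogether and only log what is needed for debugging (request path, status code, client id).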