Please vote on this issue by adding a ๐ reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
Describe the user story
Git credentials are exposed in atlantis logs (at least) when --write-git-creds. Even though there's a warning in atlantis documentation stating "This does write secrets to disk and should only be enabled in a secure environment.", i believe they shouldn't be exposed in the logs. I have provided below an excerpt of the log message and replaced my credentials with actualcredentialshere
1702650458045,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.045Z"",""caller"":""vcs/gh_app_creds_rotator.go:58"",""msg"":""Refreshing git tokens for Github App"",""json"":{}}"
1702650458045,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.045Z"",""caller"":""vcs/gh_app_creds_rotator.go:64"",""msg"":""token actualcredentialshere"",""json"":{}}"
1702650458052,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.052Z"",""caller"":""vcs/git_cred_writer.go:36"",""msg"":""git credentials file has expected contents, not modifying"",""json"":{}}"
Describe the solution you'd like
Git credentials are masked or ommited
Community Note
Describe the user story Git credentials are exposed in atlantis logs (at least) when
--write-git-creds
. Even though there's a warning in atlantis documentation stating "This does write secrets to disk and should only be enabled in a secure environment.", i believe they shouldn't be exposed in the logs. I have provided below an excerpt of the log message and replaced my credentials withactualcredentialshere
Describe the solution you'd like Git credentials are masked or ommited
Describe the drawbacks of your solution N/A
Describe alternatives you've considered N/A