Fix redacting sensitive values that uses backslashes #737 #746
Any progress on reviewing this?
@jrhouston @dak1n1, any chance at a review?
We're running into this same issue when attempting to deploy the ArgoCD helm chart with an OIDC client secret. The key in question has a dot in it so it's not redacted properly and will show up in metadata. Any chance of getting this merged in the short term?
We are facing this with the exact use case as @OneMatt. Any chance this can get nudged along? Or is there any alternative that I haven't stumbled across yet? In case it's due to a lack of replication
above results in the following helm result
The issue is that it's then exposed in the metadata output.
This issue has been like that for 2 years. I'm wondering if we still have maintainers for this project...
It might be that this is a bit of an edge case, as you could argue the helms that need it should just change their map structure to be friendly. In any case, my workaround for the time being is to just use until/if it's fixed.
The output does say it doesn't have any effect but my plan output begs to differ.
This issue is really important. It's a security issue. Any of the top contributors can take a look here?
Would be great if this could be addressed soon, we also run into the same issue.
It would be great if someone could validate this fix
+1, this is preventing us from using it :/
Description
Our team has found a security issue on this provider when using field names with backslashes.
Essentially, set_sensitive doesn't work if we use backslashes because the code was splitting on any dot character.
The solution was to ignore splitting when a backslash is added, and remove "\" when trying to find the set values.
Go doesn't have a look behind feature in regex. Thus, I opted to write a string tokenizer to ignore "." that are prefixed with "\".
Acceptance tests
Release Note
Release note for CHANGELOG:
References
#737
Community Note
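
The tokenizer approach described in the PR description above, shown as an added Go example that is not the PR's or the provider's own code. The function names `splitKeyPath` and `redactPath`, the sample values and the mask string are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// splitKeyPath (hypothetical name) splits a key path on "." unless the dot
// is escaped with "\"; the escaping backslash is dropped from the segment.
func splitKeyPath(path string) []string {
	var parts []string
	var cur strings.Builder
	escaped := false
	for _, r := range path {
		switch {
		case escaped: // character after "\" is taken literally
			cur.WriteRune(r)
			escaped = false
		case r == '\\':
			escaped = true
		case r == '.':
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	return append(parts, cur.String())
}

// redactPath (hypothetical) masks the value at path; false if the key is absent.
func redactPath(values map[string]interface{}, path string) bool {
	parts := splitKeyPath(path)
	m, last := values, len(parts)-1
	for _, p := range parts[:last] {
		m, _ = m[p].(map[string]interface{}) // nil map if a level is missing
	}
	if _, ok := m[parts[last]]; !ok {
		return false
	}
	m[parts[last]] = "(sensitive value)"
	return true
}

func main() {
	// Constructed sample values; the key name contains a literal dot.
	vals := map[string]interface{}{"configs": map[string]interface{}{"oidc.secret": "constructed"}}
	fmt.Println(redactPath(vals, `configs.oidc\.secret`), vals)
}
```

A redaction helper that returns false is worth surfacing as an error or warning, since a sensitive path that matches nothing means the value stays in plan and metadata output unmasked.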