AWS secrets may be exposed when running repository/config/aws tests in the CI workflows #8168
Assignees
Comments
mpryc
added a commit
to mpryc/velero
that referenced
this issue
Aug 30, 2024
…ng tests Changed the tests to use mocked function that will not read actual secrets from env variables nor AWS config file that may be on the system that is running tests. As a second guard against exposed secrets comparison for the values does not shows the actual values for the AWS data. This is to prevent situation where programming error may still allow the test to read AWS config/env variables instead of using mocked function. Signed-off-by: Michal Pryc <[email protected]>
This was referenced Aug 30, 2024
mpryc
added a commit
to mpryc/velero
that referenced
this issue
Sep 4, 2024
…ng tests Changed the tests to use mocked function that will not read actual secrets from env variables nor AWS config file that may be on the system that is running tests. As a second guard against exposed secrets comparison for the values does not shows the actual values for the AWS data. This is to prevent situation where programming error may still allow the test to read AWS config/env variables instead of using mocked function. Signed-off-by: Michal Pryc <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What steps did you take and what happened:
Ran the
github.com/vmware-tanzu/velero/pkg/repository/configtests with either:~/.aws/credentialsfileexport AWS_ACCESS_KEY_ID=exposed_credsThe error message contained exposed credentials and additional AWS data that should not be in the error message.
What did you expect to happen:
The
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEYfrom the running environment should never be exposed in the test logs nor errors.The text was updated successfully, but these errors were encountered: