New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.env
values (potentially secrets) printed to stderr
#1736
Comments
Earthly will also output the secrets on the command line when being interrupted (Ctrl-C, SIGINT) during the build. |
The .env values are being converted to the earthly/earthfile2llb/interpretererror.go Line 54 in e5d6997
|
An initial work-in-progress has been opened in #1801; however, it sounds like we may need to rework how If we're forced to change the syntax, we could implement a credential-helper plugin, perhaps supporting a shell-out like: or even a generic helper that passes the required token to a program, .e.g. |
according to #179 (comment)
makes it sound like they should only be displayed when explicitly used by the target. In the case of referencing a target that doesn't exist, I think it should be fine to simply say:
|
I think the credential helper and separation in All input (e.g. from WDYT? |
This sounds like a good idea. |
Some other potential fixes from #2336
|
This issue was originally fixed in #2365 and should have been closed; however, due to use cases surrounding the streaming of logs (and underlying https://github.com/earthly/earthly/blob/ceda09e5c4c5b44885daf5b89d723828a9301fcb/logbus/bus.go implementation), it has been "reopened". @vladaionescu and I have decided to introduce a backwards breaking change for the upcoming
While a backwards breaking change is unpleasant, it will allow us to better isolate sensitive information, which will prevent the regression of this issue from re-appearing. |
This has been released under v0.7.0 |
will output
The text was updated successfully, but these errors were encountered: