operator generate-root -decode: allow token from stdin #12881

Merged
merged 3 commits into from Oct 20, 2021


davidducros
Contributor

Allow passing "-" as the value for -decode, causing the encoded token to
be read from stdin. This is intended to prevent leaking the encoded
token + otp into process logs in enterprise environments.

@davidducros
Contributor Author

Created issue #12882 to cover this request.

Contributor

@ccapurso ccapurso left a comment


Thank you for your contribution! I left one comment regarding validating the value read from stdin which likely needs to be addressed then verified with another test case.

Contributor

@ccapurso ccapurso left a comment


Looks good, thanks again for the contribution!

@ccapurso ccapurso added this to the 1.9 milestone Oct 20, 2021
@ccapurso ccapurso merged commit ea05477 into hashicorp:main Oct 20, 2021
@davidducros
Contributor Author

Thanks for the speedy response @ccapurso

@davidducros davidducros deleted the allow-decode-from-stdin branch October 21, 2021 13:28
qk4l pushed a commit to qk4l/vault that referenced this pull request Feb 4, 2022
* operator generate-root -decode: allow token from stdin

Allow passing "-" as the value for -decode, causing the encoded token to
be read from stdin. This is intended to prevent leaking the encoded
token + otp into process logs in enterprise environments.

* add changelog entry for PR12881

* add check/test for empty decode value passed via stdin
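
The behaviour discussed in this thread, as an added sketch that is not code from this pull request or from Vault: a `-decode`-style value of "-" is read from stdin so the encoded token stays out of argv, and an empty stdin is rejected. The names `resolveDecodeValue` and `maxEncodedLen`, the size limit, and the error strings are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// maxEncodedLen bounds the stdin read (assumed limit for this example).
const maxEncodedLen = 4096

// resolveDecodeValue (hypothetical helper) returns the encoded token for a
// -decode style flag. A value of "-" means "read from stdin", so the secret
// never appears in argv, where process listings and command auditing record it.
func resolveDecodeValue(flagValue string, stdin io.Reader) (string, error) {
	if flagValue != "-" {
		return flagValue, nil
	}
	// Read one byte past the limit so oversized input is detected, not truncated.
	raw, err := io.ReadAll(io.LimitReader(stdin, maxEncodedLen+1))
	if err != nil {
		return "", fmt.Errorf("reading encoded token from stdin: %w", err)
	}
	if len(raw) > maxEncodedLen {
		return "", errors.New("encoded token on stdin is too long")
	}
	// Trim the trailing newline that echo or a here-string appends.
	token := strings.TrimSpace(string(raw))
	if token == "" {
		return "", errors.New("missing encoded value: stdin was empty")
	}
	return token, nil
}

func main() {
	// Constructed usage: printf '%s' "$ENCODED" | prog -
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: prog <encoded|->")
		os.Exit(2)
	}
	token, err := resolveDecodeValue(os.Args[1], os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Report only the length; the token itself is never echoed.
	fmt.Printf("read %d bytes of encoded token\n", len(token))
}
```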
Successfully merging this pull request may close these issues.

operator generate-root -decode: allow passing encoded token via stdin