Dagger secrets information leaking | Dagger | Page 1

cyan marten Oct 10, 2024, 10:16 AM

#

Hello Folks 🙂

We are using dagger 0.13.0 engine/sdk and have been utilizing WithSecretVariable api form go sdk. We recently found that secrets information being leaked into some places

trace spans sent to honeycomb
container logs

Could you please guide us how to mask these information?

fickle kraken Oct 10, 2024, 11:39 AM

#

hm, do you have an example of some code that causes this issue? it shouldn't be getting into those places if you're using WithSecretVariable

cyan marten Oct 10, 2024, 11:43 AM

#

for key, value := range *params.SecretEnvVariables {
  container = container.WithSecretVariable(key, a.client.SetSecret(key, value))
}```

fickle kraken Oct 10, 2024, 11:46 AM

#

yeah, i mean more of a complete example - secrets should be removed from the container logs, we have tests for this - if you're seeing secrets in traces/container logs, then i need a more complete example

#

do you use the secret values without the WithSecretVariable anywhere?

cyan marten Oct 10, 2024, 11:47 AM

#

do you use the secret values without the WithSecretVariable anywhere?
no, we use a common func shared above

#Dagger secrets information leaking