e.g.,
++ APPSMITH_MONGODB_URI=mongodb+srv://...
#plaintext passwords in logs
violet kite
stable jasperBOT
Hey There,
We've registered your query, and our team will get back to you soon.
Regards,
Pranav
stable jasperBOT
Hello! Could you please elaborate on your use case and send some screenshots to
help us better understand what you are trying to achieve?
violet kite
my use case is to run self-hosted appsmith in kubernetes without disclosing passwords in logs
kubectl logs -n conductor appsmith-fbc54544d-jndnw |grep -E "_(PASSWORD|URI)" |sed -E 's/=.*/=.../g'
++ APPSMITH_MAIL_PASSWORD=...
++ APPSMITH_MONGODB_URI=...
++ APPSMITH_MONGODB_PASSWORD=...
++ APPSMITH_ENCRYPTION_PASSWORD=...
++ APPSMITH_SUPERVISOR_PASSWORD=...
++ APPSMITH_MONGODB_URI=...
++ APPSMITH_KEYCLOAK_DB_PASSWORD=...
- echo 'Checking APPSMITH_MONGODB_URI'
Checking APPSMITH_MONGODB_URI - KEYCLOAK_ADMIN_PASSWORD=...
- export KEYCLOAK_ADMIN_PASSWORD
- echo KEYCLOAK_ADMIN_PASSWORD=...
++ awk -F=...
APPSMITH_MAIL_PASSWORD=...
APPSMITH_MONGODB_URI=...
APPSMITH_MONGODB_PASSWORD=...
APPSMITH_ENCRYPTION_PASSWORD=...
APPSMITH_SUPERVISOR_PASSWORD=...
KEYCLOAK_ADMIN_PASSWORD=...
APPSMITH_MAIL_PASSWORD=...
APPSMITH_MONGODB_URI=...
APPSMITH_MONGODB_PASSWORD=...
APPSMITH_ENCRYPTION_PASSWORD=...
APPSMITH_SUPERVISOR_PASSWORD=...
KEYCLOAK_ADMIN_PASSWORD=...
dots by me, in actual logs those seem to be actual passwords
stable jasperBOT
Which version of Appsmith are you using? Can you please send a copy of your logs
to [email protected] and include a link to this conversation in the email?
violet kite
1.6.12. i would not want to send unredacted logs, is kind of my point
stable jasperBOT
That's a very old version of Appsmith. We're currently on 1.9.16. I recommend
you upgrade to the latest version. Since you're so far behind, you'll need to
upgrade to our last checkpoint version, 1.9.2, and then update to the latest.
Please see this guide in our docs for more information:
violet kite
excuse me, 1.9.12
stable jasperBOT
Ok. I am checking with the team on this.