Allow fetching passwords from environment variables #338
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Passing sensitive data through command line args is not generally safe on many *nix systems, because the arguments leak to all users, such as through /proc/PID/cmdline on Linux. Instead, the usual pattern for passing passwords to programs is via environment variables, which do not leak to all users. Wire up the input getter's logic to handle these. The existing logic is: - If the argument is a file that exists or starts with file:, treat it as a file and read its contents. - Otherwise, treat it as the data itself. The new logic is: - If the argument is a file that exists or starts with file:, treat it as a file and read its contents. - If the argument starts with env: and that environment variable exists, treat it as an environment variable and read its contents. - Otherwise, treat it as the data itself. Requiring the environment variable to actually exist -- much like how file's unprefixed by file: have to exist to be considered as files -- will mitigate false positives of, e.g., actual passwords that begin with "env:", so the potential for regression should be exceedingly low.
|
The two failures seem to be issues running something called "ghost tunnel". Is that a CI flake? |
|
Yes the hardware tests require access to secrets that your branch doesn't have access to. I will test manually. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Passing sensitive data through command line args is not generally safe on many *nix systems, because the arguments leak to all users, such as through /proc/PID/cmdline on Linux.
Instead, the usual pattern for passing passwords to programs is via environment variables, which do not leak to all users. Wire up the input getter's logic to handle these.
The existing logic is:
The new logic is:
Requiring the environment variable to actually exist -- much like how file's unprefixed by file: have to exist to be considered as files -- will mitigate false positives of, e.g., actual passwords that begin with "env:", so the potential for regression should be exceedingly low.