Redaction manipulates actual secrets in debug mode #334

dkundel · 2021-08-17T17:22:32Z

Actual Behavior

If you deploy a project with -l debug that contains any of these keywords here as names of environment variables

serverless-toolkit/packages/twilio-run/src/utils/debug.ts

Lines 20 to 28 in 250165b

    
           'authToken', 
        
           'apiSecret', 
        
           'username', 
        
           'password', 
        
           'cookies', 
        
           'AUTH_TOKEN', 
        
           'API_SECRET', 
        
           'TWILIO_AUTH_TOKEN', 
        
           'TWILIO_API_SECRET',

The environments variables will be uploaded as [REDACTED] instead.

Expected Behavior

The environment variables get uploaded the exact way they are referenced but the logs show them as [REDACTED].

How to Reproduce

twilio serverless:init sample
cd sample
echo "API_SECRET=something" >> .env
twilio serverless:deploy -l debug
twilio serverless:env:get --key API_SECRET
# shows [REDACTED]
twilio serverless:deploy
twilio serverless:env:get --key API_SECRET
# shows actual value something
# both should be "something"

Versions

Node.js: 12.22.1
@twilio/runtime-handler: 1.1.3
@twilio-labs/plugin-serverless: 2.2.2

The text was updated successfully, but these errors were encountered:

makserik added this to the Post v3 milestone Mar 25, 2024

makserik added the bug Something isn't working label Mar 25, 2024

makserik added the good first issue Good for newcomers label Apr 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Redaction manipulates actual secrets in debug mode #334

Redaction manipulates actual secrets in debug mode #334

dkundel commented Aug 17, 2021

Redaction manipulates actual secrets in debug mode #334

Redaction manipulates actual secrets in debug mode #334

Comments

dkundel commented Aug 17, 2021

Actual Behavior

Expected Behavior

How to Reproduce

Versions