Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secrets defined with stringData are shown in plain text when running tk delete #819

Open
nicolajknudsen opened this issue Mar 10, 2023 · 2 comments
Labels
kind/bug Something isn't working

Comments

@nicolajknudsen
Copy link

nicolajknudsen commented Mar 10, 2023

When applying a Secret, the diff shown in the console has the actual values censored as expected.
However, when running tk delete the diff shows the key value pairs in plain text if stringData is used:

tk apply:

+apiVersion: v1
+data:
+  DB_DATABASE: '***'
+  DB_HOSTNAME: '***'
+  DB_PASSWORD: '***'
+  DB_USERNAME: '***'
+kind: Secret

tk delete:

-apiVersion: v1
-data: {}
-kind: Secret
-stringData:
-  DB_DATABASE: application
-  DB_HOSTNAME: example.com
-  DB_PASSWORD: very_secret_password
-  DB_USERNAME: user
-type: Opaque

It seems to me that this information should be hidden in the terminal output as well.


$ tk --version
2023/03/10 13:10:05 tk version v0.23.1-15-gd36a5d0
@julienduchesne
Copy link
Member

Where did you run Tanka in that context? I'm not sure Tanka is even responsible for hiding your values in the tk apply 🤔

@Elfo404 Elfo404 added this to Tanka May 27, 2024
@github-project-automation github-project-automation bot moved this to Triage in Tanka May 27, 2024
@zerok zerok added the kind/bug Something isn't working label May 27, 2024
@zerok zerok moved this from Triage to Backlog in Tanka May 27, 2024
@zerok
Copy link
Contributor

zerok commented May 27, 2024

From what I can tell, the hiding in the apply-diff happens thanks to the diff being generated on the server and not the client. The StaticDiffer is used for delete, which doesn't do any hiding. The main reason why the StaticDiffer is used here is that we can force a certain output, e.g. that the given manifest list should be deleted.

Hiding the data of a secret should be doable, though, on that level and would make the behaviour a bit more consistent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Something isn't working
Projects
Status: Backlog
Development

No branches or pull requests

3 participants