Set code studio default env variable values to be masked #1586
Codecov Report
Patch coverage:
Additional details and impacted files
@@ Coverage Diff @@
## main #1586 +/- ##
=========================================
Coverage 91.76% 91.76%
Complexity 1809 1809
=========================================
Files 124 124
Lines 6471 6471
=========================================
Hits 5938 5938
Misses 533 533
☔ View full report in Codecov by Sentry.
@shubham-bansal96 this is a public repo. Requesting that we do not share sensitive information publicly. I have redacted the backlog URL.
Thanks @anavarre for letting me know. Next time I will keep this in mind while raising a PR.
@shubham-bansal96 - Could you resolve the mutants reported? Here is the link for guidance.
Thanks for your contribution. Dane returns in mid-October. We'll look into finalizing and merging this then.
Thanks for the PR!
Motivation
Recently we found that Code Studio environment variables like TOKEN_KEY, TOKEN_SECRET are being logged in Sumo Logic in plain text format, which is a security concern.
Fixes GL-1377
Proposed changes
In order to avoid logging env variable values in clear text format, we will be masking the Code Studio default env variables.
In this PR we will be setting all default env variable values as masked.
Alternatives considered
Testing steps
You can replicate this issue by creating a new project for Code Studio and checking the env variable values under CI/CD variables. You will see that currently the default env values are not masked, except ACQUIA_GLAB_TOKEN_SECRET.
Once these changes are deployed, you can verify them by creating a new project for Code Studio and running a pipeline that prints the default variables. Now verify the job logs. You should not see the values of default env variables in the job logs.
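The verification in the testing steps can be scripted. The following is an added example, not part of this PR or the project's code: it lists variables whose masked flag is unset and scans a job log for literal variable values, reporting only the key so the audit output never repeats a secret. The record shape (key, value, masked), the sample values and the log lines are constructed assumptions.

```python
# Added example: audit CI/CD variable records and a job log for exposed values.
# The record shape and every value below are constructed for illustration.

def unmasked_keys(variables):
    """Return the sorted keys of variables whose 'masked' flag is not set."""
    return sorted(v["key"] for v in variables if not v.get("masked", False))

def leaked_in_log(variables, log_text, min_len=4):
    """Return (line_number, key) pairs where a variable's value appears in the log.

    Very short values are skipped to avoid matching ordinary words. Only the
    key is reported, never the value itself.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for v in variables:
            value = v.get("value") or ""
            if len(value) >= min_len and value in line:
                hits.append((lineno, v["key"]))
    return hits

# Constructed state before the change: only one default variable is masked.
VARIABLES_BEFORE = [
    {"key": "TOKEN_KEY", "value": "constructed-key-1234", "masked": False},
    {"key": "TOKEN_SECRET", "value": "constructed-secret-5678", "masked": False},
    {"key": "ACQUIA_GLAB_TOKEN_SECRET", "value": "constructed-glab-9012", "masked": True},
]
# Constructed state after the change: every default variable is masked.
VARIABLES_AFTER = [dict(v, masked=True) for v in VARIABLES_BEFORE]

# Constructed job logs from a pipeline that prints the default variables.
JOB_LOG_BEFORE = """$ printenv | sort
ACQUIA_GLAB_TOKEN_SECRET=[MASKED]
TOKEN_KEY=constructed-key-1234
TOKEN_SECRET=constructed-secret-5678
Job succeeded
"""
JOB_LOG_AFTER = """$ printenv | sort
ACQUIA_GLAB_TOKEN_SECRET=[MASKED]
TOKEN_KEY=[MASKED]
TOKEN_SECRET=[MASKED]
Job succeeded
"""

if __name__ == "__main__":
    for label, variables, log in (("before", VARIABLES_BEFORE, JOB_LOG_BEFORE),
                                  ("after", VARIABLES_AFTER, JOB_LOG_AFTER)):
        print(label, "unmasked:", unmasked_keys(variables))
        print(label, "leaked in log:", leaked_in_log(variables, log))
```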