Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provider discloses sensitive information when credentials are wrong #31

Open
Theragus opened this issue Jul 24, 2024 · 1 comment
Open

Provider discloses sensitive information when credentials are wrong #31

Theragus opened this issue Jul 24, 2024 · 1 comment

Comments

@Theragus
Copy link

We tried to set up Keeper Secrets Manager terraform provider within Terraform Cloud (HCP Terraform).
We first tried it with a One-Time Token which did not work until we realized we had to use the config file offered by Keeper Secrets Manager.
During the tests with the One-Time Token the provider discloses the sensitive value stored in the env variable during plan errors and in logs. (Output token redacted)
image

The provider should not disclose this information and should only tell that the value is wrong and maybe some additionol documentation.
@maksimu
Copy link
Collaborator

maksimu commented Jul 24, 2024

Thank you for bringing this to our attention. We will be releasing new version soon with this error message being redacted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maksimu @Theragus