helmsman icon indicating copy to clipboard operation
helmsman copied to clipboard
verified publisher icon Praqma

when adding private repositories fails, passwords can be leaked into the logs

Open sami-alajrami opened this issue 5 years ago • 2 comments

When helm add repo fails, the helm error may contain the password of a private repo logged in plain text and Helmsman reports that error back in its logs.

Helmsman v3.4.0 , Helm> v3.3.1

CRITICAL: While adding helm repository [myrepo]: Error: looks like "https://user:[email protected]/myrepo/myrepo-helm-virtual" is not a valid chart repository or cannot be reached: failed to fetch https://user:[email protected]/myrepo/myrepo-helm-virtual/index.yaml : 403 Forbidden

Not sure if there is a way to workaround this on the helmsman side.

sami-alajrami avatar Dec 02 '20 10:12 sami-alajrami

Try v3.4.5, I think https://github.com/Praqma/helmsman/pull/505 fixes this as a side-effect

antoinedeschenes avatar Dec 04 '20 08:12 antoinedeschenes

This issue has been marked stale due to an inactivity.

github-actions[bot] avatar Aug 05 '22 05:08 github-actions[bot]