[Bug] Leaked access-token on

Open dturn opened this issue 5 years ago • 0 comments

Bug report

There was an error during a deployment that caused the kubeconfig.yml to be logged. The kubeconfig included an access-token. While access-tokens are short-lived, we shouldn't be logging them. Ideally we'd just sanitize sensitive information from the kubeconfig.yml instead of suppressing all of it, possibly by not printing the auth-provider: section of a user or just not logging the entire users section.

Error: Error loading config file "/app/config/kubeconfig.yml": v1.Config.Clusters: []v1.NamedCluster: v1.NamedCluster.Cluster: v1.Cluster.CertificateAuthorityData: decode base64: illegal base64 data at input byte 748, error found in #10 byte of ...|"}}]}|..., bigger context ...|"}}]}|...

Expected behavior:

access-token should never be logged.

Actual behavior:

access-token is logged as a part of the full kubeconfig.yml file.

Version(s) affected:

Likely all versions, but this happened on 1.0.0.pre.1

Steps to Reproduce

Unclear how to reproduce this exact failure. Might be enough to just have an invalid config file, but I haven't confirmed this.

dturn, May 11 '20 17:05
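
One way to do the sanitizing this report asks for, as an added Ruby example that is not krane's code and not part of the original issue: credential values are redacted before the kubeconfig is logged, and a file that cannot be parsed is withheld entirely. The helper names, the list of sensitive keys, and the sample kubeconfig are assumptions constructed for illustration.

```ruby
require "yaml"

# Assumed list of keys that hold credentials in a kubeconfig `users` entry
# (static tokens, client keys, and auth-provider tokens).
SENSITIVE_KEYS = %w[token password client-key-data access-token refresh-token id-token client-secret].freeze
REDACTED = "[REDACTED]"

# Recursively copy a parsed YAML structure, replacing sensitive values.
def redact_node(node)
  case node
  when Hash
    node.each_with_object({}) do |(key, value), out|
      out[key] = SENSITIVE_KEYS.include?(key.to_s) ? REDACTED : redact_node(value)
    end
  when Array
    node.map { |item| redact_node(item) }
  else
    node
  end
end

# Returns a loggable version of the kubeconfig text. If the text cannot be
# parsed, nothing from it is echoed, since it cannot be sanitized reliably.
def loggable_kubeconfig(text)
  doc = YAML.safe_load(text)
  return "[kubeconfig withheld: not a YAML mapping]" unless doc.is_a?(Hash)
  YAML.dump(redact_node(doc))
rescue Psych::Exception
  "[kubeconfig withheld: YAML parse error]"
end

# Constructed sample; the token and CA values are made up.
SAMPLE_KUBECONFIG = <<~KUBECONFIG
  apiVersion: v1
  kind: Config
  clusters:
  - name: example
    cluster:
      server: https://k8s.example.invalid
      certificate-authority-data: "not!valid!base64"
  users:
  - name: deployer
    user:
      auth-provider:
        name: gcp
        config:
          access-token: constructed-token-value
KUBECONFIG
puts loggable_kubeconfig(SAMPLE_KUBECONFIG) if $PROGRAM_NAME == __FILE__
```

The sample still parses as YAML even though its CA data is not valid base64, which matches the kind of failure in the error above, so the rest of the file stays available for debugging with only the token replaced.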