fix: use SecretBytes type for cert values to prevent accidental printing #147

Merged
merged 2 commits into from
Dec 15, 2023

Collaborator

@4141done 4141done commented Nov 29, 2023

Proposed changes

We save the values of the provided certs that we retrieve from Kubernetes secrets in the Certificates attribute on the Certificates struct.

This is sensitive information that we want to make sure stays out of the logs and any stack traces. A common approach to this is to create a type definition for sensitive values that implements Stringer and JSON interfaces and cast the sensitive data to that value.

Help

I'm very new to Go. I may have made some non-idiomatic choices or failed to use features which could have improved this.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • I have updated any relevant documentation (README.md and CHANGELOG.md)
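
The approach described in the PR description above, as an added Go example (not the project's own `secret_bytes.go`): a byte type that redacts itself under `fmt` and `encoding/json`. The `Bundle` struct, `Reveal`, `Render` and the `[REDACTED]` marker are assumptions for illustration; the example goes slightly beyond the description by also implementing `fmt.Formatter`, because `Stringer` alone does not cover verbs such as `%d` or `%#v`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const redacted = "[REDACTED]"

// SecretBytes wraps sensitive bytes (e.g. a TLS private key) so that
// formatting and JSON encoding never emit the underlying value.
type SecretBytes []byte

// String covers direct calls and loggers that rely on fmt.Stringer.
func (SecretBytes) String() string { return redacted }

// Format implements fmt.Formatter, which fmt consults before any other
// interface, so every verb is redacted (%d and %#v would bypass Stringer).
func (SecretBytes) Format(f fmt.State, _ rune) { fmt.Fprint(f, redacted) }

// MarshalJSON keeps the value out of JSON-encoded logs and API responses.
func (SecretBytes) MarshalJSON() ([]byte, error) { return json.Marshal(redacted) }

// Reveal is the single explicit way to get the raw bytes back.
func (s SecretBytes) Reveal() []byte { return []byte(s) }

// Bundle is a hypothetical holder. Its fields are exported because fmt does
// not call formatting methods on unexported struct fields.
type Bundle struct {
	Name string
	Key  SecretBytes
}

// Render returns what each common logging path would emit for b.
func Render(b Bundle) []string {
	js, _ := json.Marshal(b)
	return []string{
		fmt.Sprintf("%v", b), fmt.Sprintf("%+v", b), fmt.Sprintf("%#v", b.Key),
		fmt.Sprintf("%d", b.Key), fmt.Sprintf("%x", b.Key), string(js),
	}
}

func main() {
	// Constructed sample value, not a real key.
	b := Bundle{Name: "tls", Key: SecretBytes("constructed-sample-key")}
	for _, line := range Render(b) {
		fmt.Println(line)
	}
}
```
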

Collaborator

@ciroque ciroque left a comment

One minor nit, otherwise this is a nice clean addition to the code

internal/certification/certificates.go (outdated, resolved)
internal/configuration/settings.go (outdated, resolved)
internal/core/secret_bytes.go (outdated, resolved)
Collaborator

ciroque commented Dec 15, 2023

@4141done do you need anything from me to merge this?

Collaborator Author

> @4141done do you need anything from me to merge this?

If you have time would you be able to run a test pass on it? That's what I keep not having time to go through. Otherwise I think we are good.

Collaborator

ciroque commented Dec 15, 2023

Confirmed integration test works.

@4141done 4141done force-pushed the je-145-unloggable-certs branch from 23457dd to 3d3e17f Compare December 15, 2023 22:40
@4141done 4141done merged commit 2ee0441 into main Dec 15, 2023
3 checks passed