Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

passwords visible in preview #1005

Open
fdrab opened this issue Jul 19, 2023 · 3 comments
Open

passwords visible in preview #1005

fdrab opened this issue Jul 19, 2023 · 3 comments

Comments

@fdrab
Copy link

fdrab commented Jul 19, 2023

Hello,

I've found past issue (#411) that should have solved this, but it seems in 3.8.0 the preview leaks fields marked as secret:
Screenshot 2023-07-19 173418
Do I have to configure something in the st2.conf? Or is this by design?

BR,
Filip

@arm4b
Copy link
Member

arm4b commented Jul 24, 2023

This sounds like a bug indeed as secrets should be masked. Thanks for the report.

If someone is interested in contributing, the fix should be done in the st2 core which provides st2web with an API response.

@docbyte86
Copy link

Same issue while checking the past executions in the execution tab.

@fdrab
Copy link
Author

fdrab commented Jul 27, 2023

Same issue while checking the past executions in the execution tab.

can you post example screenshot? I see secrets properly masked in past execution outputs:
Screenshot 2023-07-27 084430

If, however, you store a secret in the context and then post the whole context as output, the secret is going to be posted cleartext.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants