OAuth Slack Token Logged In Clear #844
Comments
|
Thanks for reporting. |
|
For the Argo part, I agree with you, the In general, my personal opinion is that I don't think such token should be logged in the log files even in |
|
Okay, it seems good to me. Please send a PR? |
|
@kanata2 will be able to submit a PR in the coming 2 days. |
|
Thanks! |
kanata2
added
the
feedback given
|
@christophercutajar I'll close it once, but feel free to re-open it or send us a pull request if you want! |
|
@kanata2 We're seeing the same behavior of the token being printed out into our logs. We've updated to the latest version as of today v0.11.2 but still getting the printout. We have these debug logs being stored in dashboards so this is a major problem. Has it been fixed? It is never ideal to have tokens printed in any logs, debug or dev or whatever. |
|
@kanata2 my apologies I wasn't able to create a PR for this. Can you re-open the ticket please as not I'm able to work on this. @briemarie this wasn't solved from my end :( |
|
@christophercutajar and @kanata2 I opened a PR on a fork for you to review. Not sure if this is the kind of approach that is best or if the token should instead not be passed into the method calls, but I think this is a good approach since it is useful to know if a token was supplied or if it was empty. |
kanata2
added
needs investigation
and removed
feedback given
|
Thanks @briemarie! I'll confirm later. |
|
Hi! +1 The same problems. Token in logs. |
|
I sent now a proposed simpler fix: #1215 |
Describe the bug
While using Argo Event which leverage
slack-go/slackfor Slack triggers, it was noticed that the OAuth Slack token is logged in the clear. Specifically,slack/chat.go
Line 217 in 686c209
Expected behavior
OAuth Slack token not never be logged in the clear in the log files.
Argo Events related issue: argoproj/argo-events#944
The text was updated successfully, but these errors were encountered: