Action with setVariable and sensitive=true still requires mute=true to suppress stdout #3030

Open
ldgriswold opened this issue Sep 25, 2024 · 0 comments
Labels
tech-debt 💳 Debt that the team has charged and needs to repay

Comments

@ldgriswold

Describe what should be investigated or refactored

As described in the Zarf documentation https://docs.zarf.dev/ref/actions/, mute is the correct field to set to suppress stdout. However, the documentation at https://docs.zarf.dev/ref/actions/#action-transformations has an example where sensitive: true is set WITHOUT setting mute: true. This results in the stdout being displayed in the logs of something like a GitLab runner and potentially exposing secrets.

Additional context

The example at https://github.com/zarf-dev/zarf/blob/main/examples/component-actions/zarf.yaml#L128-L131 does document how this should be done, but it might be as simple as updating the docs, or forcing mute: true when sensitive: true is set.

@ldgriswold ldgriswold added the tech-debt 💳 Debt that the team has charged and needs to repay label Sep 25, 2024
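
Until the behaviour or the docs change, a pre-merge check can flag the pattern this issue describes. The following is an added example, not part of the issue and not Zarf project code: it walks an already-parsed package definition (for instance the result of `yaml.safe_load` on a `zarf.yaml`) and reports every action that sets a `sensitive: true` variable without `mute: true`. The action-set and action-list key names, the inheritance of `defaults.mute`, and the sample package are assumptions made for illustration.

```python
# Added example: flag Zarf actions that capture a sensitive variable without mute.
# Assumed schema keys: onCreate/onDeploy/onRemove, each holding
# defaults/before/after/onSuccess/onFailure.
ACTION_SETS = ("onCreate", "onDeploy", "onRemove")
ACTION_LISTS = ("before", "after", "onSuccess", "onFailure")


def find_unmuted_sensitive_actions(package):
    """Return (component, action path, variable) for each sensitive variable
    set by an action whose stdout is not muted."""
    findings = []
    for component in package.get("components") or []:
        actions = component.get("actions") or {}
        for set_name in ACTION_SETS:
            action_set = actions.get(set_name) or {}
            # Assumption: defaults.mute applies when the action omits mute.
            default_mute = (action_set.get("defaults") or {}).get("mute", False)
            for list_name in ACTION_LISTS:
                for index, action in enumerate(action_set.get(list_name) or []):
                    if action.get("mute", default_mute) is True:
                        continue  # stdout suppressed, nothing to report
                    for var in action.get("setVariables") or []:
                        if var.get("sensitive") is True:
                            findings.append((
                                component.get("name", "<unnamed>"),
                                f"{set_name}.{list_name}[{index}]",
                                var.get("name", "<unnamed>"),
                            ))
    return findings


# Constructed sample package (hypothetical names, not from the Zarf repository).
SAMPLE_PACKAGE = {"kind": "ZarfPackageConfig", "components": [
    {"name": "leaky", "actions": {"onDeploy": {"after": [
        {"cmd": "cat /tmp/token",
         "setVariables": [{"name": "API_TOKEN", "sensitive": True}]},
        {"cmd": "hostname", "setVariables": [{"name": "NODE_NAME"}]}]}}},
    {"name": "muted", "actions": {"onDeploy": {"before": [
        {"cmd": "cat /tmp/token", "mute": True,
         "setVariables": [{"name": "API_TOKEN", "sensitive": True}]}]}}},
    {"name": "defaulted", "actions": {"onCreate": {
        "defaults": {"mute": True},
        "onSuccess": [
            {"cmd": "cat /tmp/key",
             "setVariables": [{"name": "KEY", "sensitive": True}]},
            {"cmd": "cat /tmp/key", "mute": False,
             "setVariables": [{"name": "KEY2", "sensitive": True}]}]}}},
]}

if __name__ == "__main__":
    for comp, path, var in find_unmuted_sensitive_actions(SAMPLE_PACKAGE):
        print(f"{comp}: {path} sets sensitive variable {var} without mute: true")
```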
Projects
Status: Triage