Skip to content

censor values of filtered/sensitive environment variables rather than removing them from test report#4889

Draft
boegel wants to merge 1 commit intoeasybuilders:developfrom
boegel:create_test_report
Draft

censor values of filtered/sensitive environment variables rather than removing them from test report#4889
boegel wants to merge 1 commit intoeasybuilders:developfrom
boegel:create_test_report

Conversation

@boegel
Copy link
Member

@boegel boegel commented May 21, 2025

follow-up to #4877 by @Crivella

tests will need some work, so marked as WIP

This results in filtered/censored environment variables to still be mentioned in the test report, but without their value:

$ export JWT_TOKEN_TEST='eyJAAA'
$ export export MY_SECRET=foo
$ eb example.eb --dump-test-report
$ egrep 'SECRET|TOKEN' test_report.md
JWT_TOKEN_TEST = ... # value censored since this is potentially a sensitive environment variable
MY_SECRET = ... # value censored since this is potentially a sensitive environment variable

Whether or not an environment variable was set could be useful information, even without knowing its value, hence this change.

We can potentially keep the current behavior for environment variables listed in --test-report-env-filter (i.e. actually removed them from the test report), and only use the censoring approach for "sensitive" environment variables...

@boegel boegel added this to the release after 5.1.0 milestone May 21, 2025
@boegel boegel modified the milestones: 5.1.1, release after 5.1.1 Jul 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

change enhancement

Projects

None yet

Milestone

next release (5.2.1?)

Development

Successfully merging this pull request may close these issues.

1 participant

@boegel