Comments (9)
In case it's useful here's my temporary workaround manics@9f8e581
from helmfile.
@cmeury Thanks for the thoughtful response as always!
potential frustration by having to conform to a "foreign" naming scheme
unexpected behavior such as accidentally naming the variable as a "secret" and then wondering why it's not printed for hours.
Good points. I can't agree more!
Then, I'd be happy with something like {{ secretenv "MY_TOKEN" }}
, without a hyphen, which conforms naming convention seen in golang text/template funcs in the wild.
from helmfile.
Or we define a function called env_secret
that will not output the contents?
from helmfile.
@cmeury Good point! But I can't exactly say which is the best one here - both seems nice in its own way.
Anyone has a preference, and why is that? 🤔
from helmfile.
I dislike introducing a variable naming convention for this, because it's quite restrictive for the user (potential frustration by having to conform to a "foreign" naming scheme) and it could lead to unexpected behavior such as accidentally naming the variable as a "secret" and then wondering why it's not printed for hours.
from helmfile.
I just ran into a related issue which might be covered by this whilst setting up a deployment with GitLab. I'm working on an opensource project so I'd like the deploy logs which include helm sync
to be open but this means masking some secret env-vars which are passed from GitLab. The quiet -q
in helm -q sync
is too quiet since it also hides the output of helm.
Might another way around this be a flag that suppresses this line, or prints out a shortened version without all the args?
Line 87 in 283848c
from helmfile.
@manics Thanks for sharing your work!
I'd rather like helmfile to be declarative as much as possible so I'm inclined to the secretenv
approach noted above, for the purpose of resolving this issue.
However, your work could be useful for operational purpose, like in cases that you want to logger the logging level for fewer outputs from a helmfile run.
So, would it make sense to discuss in another issue about logging level(trace, debug, info, warn, and so on) and probably suppress exec: helm $args
outputs in the info/warn levels but not in trace/debug?
from helmfile.
@manics Hi! Thanks for the suggestion and creating the issue #93.
I'm now inclined to the feature you call a workaround. It turns out to me that, masking only {{secretenv "..." }}
of templated strings adds little value compared to the amount of code required for implementation.
Would you mind submitting your work as a PR? Code LGTM and I'll be merging it quickly 😆
from helmfile.
I believe this isn't needed anymore because we now have configurable log level thanks to #93 #185.
As long the log level is greater than debug
, executed helm command and therefore those secrets are not logged.
Also note that we basically should not log secrets #202 #206
from helmfile.
Related Issues (20)
- Handle SIGTERM for dependent helm processes HOT 2
- How to use needs for local helm charts deployed HOT 1
- line x: mapping key "<<" already defined at line y HOT 2
- panic: error parsing helm version 'v3.7.1+7.el8+g8f33223' HOT 1
- Helm CVE-2023-25165 HOT 2
- failed reading adhoc dependencies: unexpected format of `helm repo list HOT 1
- The best thing about this
- Exited with status 1 because of an internal system error. Our team has been notified.
- values file does not exist in "." HOT 1
- exec function passing arguments to shell script HOT 1
- Stay DRY with the environment variables HOT 1
- 4AEE18F83AFDEB23 HOT 1
- Vulnerability of dependency "github.com/hashicorp/go-getter"
- Please archive this repo if it's no longer being used HOT 2
- Getting "map has no entry for key" for some secrets files when using kms encryption HOT 1
- Possible race condition signal: killed
- Getting error messages when i run Helmsfile apply
- selector labels renders all releases within helmfiles.
- How can i pass multiple Helm values files to a Kutomized Helm Chart ? HOT 1
- Add useful hook environment variables HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helmfile.