helmfile / helmfile

Declaratively deploy your Kubernetes manifests, Kustomize configs, and Charts as Helm releases. Generate all-in-one manifests for use with ArgoCD.

Home Page:https://helmfile.readthedocs.io

[Regression] Registry password printed to stdout by `repos` on error

ennekein opened this issue · comments

Operating system

Ubuntu 22.04.3 LTS

Helmfile Version

0.157.0

Helm Version

v3.13.0

Bug description

When `repos` fails to log in to a Helm repository with `helm registry login`, it prints the registry password to stdout. This can be dangerous when the helmfile execution logs are readable.

It looks like the issue was introduced by the following commit by @yxxhero: cfa89d4#diff-cc23d827ce15a3ce002578cc0b18d846fd3614d59ac080c703bdd17881466795R235. Before the commit, the password was not passed in the command args, only in the helm.execStdin call below.

Example helmfile.yaml

repositories:
  - name: roboll
    url: roboll.io/charts
    username: test
    password: test1234
    oci: true
    passCredentials: true
    verify: true

releases:
  - name: vault # name of this release
    namespace: vault # target namespace
    chart: roboll/vault-secret-manager

Error message you've seen (if any)

$ helmfile repos
Logging in to registry
in ./helmfile.yaml: command "/usr/local/bin/helm" exited with non-zero status:

PATH:
/usr/local/bin/helm

ARGS:
0: helm (4 bytes)
1: registry (8 bytes)
2: login (5 bytes)
3: roboll.io/charts (16 bytes)
4: --username (10 bytes)
5: test (4 bytes)
6: --password-stdin (16 bytes)
7: test1234 (8 bytes)

ERROR:
exit status 1

EXIT STATUS
1

STDERR:
time="2024-01-08T15:50:04-05:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://roboll.io/v2/\": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host"
Error: Get "https://roboll.io/v2/": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host

COMBINED OUTPUT:
time="2024-01-08T15:50:04-05:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://roboll.io/v2/\": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host"
Error: Get "https://roboll.io/v2/": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host

Steps to reproduce

helmfile repos

Working Helmfile Version

0.154.0

Relevant discussion

No response
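
The pattern the report describes as the pre-regression behaviour (password supplied on stdin only, so an ARGS dump on failure cannot contain it), as an added example that is not helmfile's own code. The function names, the placeholder binary name and the sample values are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"strings"
)

// loginArgs builds the argument vector for `helm registry login`.
// The password is deliberately not a parameter: it must never enter argv.
func loginArgs(registry, username string) []string {
	return []string{"registry", "login", registry, "--username", username, "--password-stdin"}
}

// describeFailure renders a diagnostic like the one in the issue (args and output).
// It only ever sees argv and the child's output, never the stdin payload.
func describeFailure(bin string, args []string, out []byte, err error) error {
	var b strings.Builder
	fmt.Fprintf(&b, "command %q failed: %v\nARGS:\n", bin, err)
	for i, a := range args {
		fmt.Fprintf(&b, "  %d: %s (%d bytes)\n", i, a, len(a))
	}
	fmt.Fprintf(&b, "COMBINED OUTPUT:\n%s", out)
	return fmt.Errorf("%s", b.String())
}

// registryLogin runs bin with the login args and feeds the password on stdin only.
func registryLogin(bin, registry, username, password string) error {
	args := loginArgs(registry, username)
	cmd := exec.Command(bin, args...)
	cmd.Stdin = bytes.NewBufferString(password)
	out, err := cmd.CombinedOutput()
	if err != nil {
		return describeFailure(bin, args, out, err)
	}
	return nil
}

func main() {
	// Constructed values; the binary name is a placeholder that does not exist,
	// so the call fails and exercises the error path.
	err := registryLogin("helm-missing-example", "registry.example/charts", "test", "constructed-secret")
	fmt.Println(err)
}
```

A regression test of this shape, asserting that the secret never appears in the formatted error, would catch the password being appended to the argument list again.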