[Regression] Registry password printed to stdout by `repos` on error
ennekein opened this issue
Operating system
Ubuntu 22.04.3 LTS
Helmfile Version
0.157.0
Helm Version
v3.13.0
Bug description
When `repos` fails to log in to a Helm repository with `helm registry login`, it prints the registry password to stdout. This can be dangerous when the helmfile execution logs are readable.
It looks like the issue was introduced by the following commit by @yxxhero: cfa89d4#diff-cc23d827ce15a3ce002578cc0b18d846fd3614d59ac080c703bdd17881466795R235. Before the commit, `password` was not passed in the command args, only in the `helm.execStdin` call below.
Example helmfile.yaml
```yaml
repositories:
  - name: roboll
    url: roboll.io/charts
    username: test
    password: test1234
    oci: true
    passCredentials: true
    verify: true
releases:
  - name: vault # name of this release
    namespace: vault # target namespace
    chart: roboll/vault-secret-manager
```
Error message you've seen (if any)
```
$ helmfile repos
Logging in to registry
in ./helmfile.yaml: command "/usr/local/bin/helm" exited with non-zero status:
PATH:
  /usr/local/bin/helm
ARGS:
  0: helm (4 bytes)
  1: registry (8 bytes)
  2: login (5 bytes)
  3: roboll.io/charts (16 bytes)
  4: --username (10 bytes)
  5: test (4 bytes)
  6: --password-stdin (16 bytes)
  7: test1234 (8 bytes)
ERROR:
  exit status 1
EXIT STATUS
  1
STDERR:
  time="2024-01-08T15:50:04-05:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://roboll.io/v2/\": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host"
  Error: Get "https://roboll.io/v2/": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host
COMBINED OUTPUT:
  time="2024-01-08T15:50:04-05:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://roboll.io/v2/\": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host"
  Error: Get "https://roboll.io/v2/": dial tcp: lookup roboll.io on 172.27.160.1:53: no such host
```
Steps to reproduce
`helmfile repos`
Working Helmfile Version
0.154.0
Relevant discussion
No response
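
The leak shape described in this report, as an added example that is not helmfile's code and not part of the original issue: a password kept on stdin never reaches an ARGS dump, and masking known secrets in the dump is a second line of defence. `newLoginCmd` and `describeFailure` are hypothetical names; the sample values are the ones from the report's helmfile.yaml.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// newLoginCmd prepares `helm registry login` with the password supplied on
// stdin only, so it never appears in argv (process listings, error dumps).
// The command is only constructed here, not run.
func newLoginCmd(helmBin, host, user, password string) *exec.Cmd {
	cmd := exec.Command(helmBin, "registry", "login", host,
		"--username", user, "--password-stdin")
	cmd.Stdin = strings.NewReader(password)
	return cmd
}

// describeFailure renders an ARGS dump similar to the one in the report,
// replacing any occurrence of a known secret before it is written out.
func describeFailure(args []string, err error, secrets ...string) string {
	var b strings.Builder
	b.WriteString("ARGS:\n")
	for i, a := range args {
		for _, s := range secrets {
			if s != "" {
				a = strings.ReplaceAll(a, s, "<redacted>")
			}
		}
		fmt.Fprintf(&b, "  %d: %s\n", i, a)
	}
	fmt.Fprintf(&b, "ERROR:\n  %v\n", err)
	return b.String()
}

func main() {
	const pw = "test1234" // sample value from the report's helmfile.yaml
	failure := fmt.Errorf("exit status 1")

	// Regression shape from the report: password appended after --password-stdin.
	bad := []string{"helm", "registry", "login", "roboll.io/charts",
		"--username", "test", "--password-stdin", pw}
	fmt.Print(describeFailure(bad, failure))     // dump contains the password
	fmt.Print(describeFailure(bad, failure, pw)) // dump with the password masked

	good := newLoginCmd("helm", "roboll.io/charts", "test", pw)
	fmt.Print(describeFailure(good.Args, failure)) // argv holds no secret
}
```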