Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) #5314

Closed
mcasperson opened this issue Feb 19, 2019 · 2 comments
Labels
area/security kind/bug This issue represents a verified problem we are committed to solving LTS/2018.10 This issue affects 2018.10 LTS
@mcasperson

Sensitive Terraform output variables are saved and exposed as regular variables, and printed in the logs.

For example, if you deploy the following Terraform template:

{"output":{"test":{"sensitive": true, "value": "hi"}}}

The value hi would appear in the logs.

@mcasperson mcasperson added kind/bug This issue represents a verified problem we are committed to solving area/cloud labels Feb 19, 2019
@mcasperson mcasperson added this to the 2018.10.4 milestone Feb 19, 2019
@mcasperson mcasperson self-assigned this Feb 19, 2019
@mcasperson
Author

Sensitive variables are now masked in the logs and saved as Octopus sensitive variables.

@mcasperson mcasperson changed the title Save terraform sensitive values as Octopus sensitive values Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944) Feb 20, 2019
@michaelnoonan michaelnoonan added LTS/2018.10 This issue affects 2018.10 LTS and removed LTS labels May 2, 2019
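The behaviour described in the fix above, as an added example that is not Octopus code: it assumes the step reads its outputs in the shape printed by `terraform output -json`, and the function names, log wording and the `region` output are hypothetical.

```python
import json

# Constructed sample: the shape `terraform output -json` prints for the
# template in the issue, plus one made-up non-sensitive output.
SAMPLE_OUTPUT_JSON = """
{
  "test":   {"sensitive": true,  "type": "string", "value": "hi"},
  "region": {"sensitive": false, "type": "string", "value": "us-east-1"}
}
"""

MASK = "********"


def split_outputs(output_json):
    """Return (regular, sensitive) dicts of output name -> string value."""
    regular, sensitive = {}, {}
    for name, body in json.loads(output_json).items():
        value = body.get("value")
        # Lists and maps are serialised so they can be stored and masked too.
        text = value if isinstance(value, str) else json.dumps(value)
        # Fail closed: only an explicit "sensitive": false is treated as public.
        if body.get("sensitive") is False:
            regular[name] = text
        else:
            sensitive[name] = text
    return regular, sensitive


def mask(line, secrets):
    """Replace every occurrence of a secret value in a log line."""
    # Longest first, so a secret containing a shorter one is masked whole.
    # Very short secrets (like "hi") will also mask unrelated matching text.
    for secret in sorted(filter(None, secrets), key=len, reverse=True):
        line = line.replace(secret, MASK)
    return line


def log_lines(output_json):
    """Build the lines a deployment step could emit without leaking secrets."""
    regular, sensitive = split_outputs(output_json)
    lines = [f"Saving variable '{n}' with value '{v}'" for n, v in regular.items()]
    # Sensitive outputs are logged by name only and stored separately.
    lines += [f"Saving sensitive variable '{n}'" for n in sensitive]
    # Second line of defence: mask any secret that still reaches a log line.
    return [mask(line, sensitive.values()) for line in lines]
```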
@lock

lock bot commented Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 31, 2019