
uv sync CI secrets leak

Open matyx44 opened this issue 2 weeks ago • 4 comments

Summary

Hope this is not a duplicate, sorry if that is the case.

Description

When running uv sync in GitLab CI, we hit a case where a source build of a dependency printed the entire os.environ, and that output was passed through by uv into the CI logs. This resulted in multiple sensitive environment variables (DB passwords, test user credentials, CI/infra/repository tokens, etc.) being exposed in the GitLab job log.

In our case the dependency was pymupdf==1.26.6 on CPython 3.13.9 / Alpine (no wheel available), whose setup.py prints detailed environment information including os.environ. Because uv streams the build output directly, all secrets in the environment were logged.

Environment

uv image: astral/uv:0.9-python3.13-alpine
Python: CPython 3.13.9
OS: Alpine Linux
CI: GitLab CI
Dependency: pymupdf==1.26.6 (no prebuilt wheel for this platform/runtime)

Steps to Reproduce

1. Run a GitLab CI job using astral/uv:0.9-python3.13-alpine.
2. Configure the environment with sensitive variables (DB password, tokens, etc.).
3. Add pymupdf==1.26.6 (or any package whose setup.py prints os.environ) to pyproject.toml.
4. Run uv sync.
5. Inspect the CI job log.

Actual Behavior

During the source build of pymupdf, its setup.py prints the full os.environ. uv forwards this output to stdout. CI logs now contain all environment variables, including secrets. The build then fails with Failed to build pymupdf==1.26.6, but the secrets are already exposed.

Expected Behavior

Can uv prevent this somehow? Or can we prevent this ourselves? The --quiet / -q flag does not hide this.

Screenshot from log:

Platform

astral/uv:0.9-python3.13-alpine

Version

0.9

Python version

3.13

matyx44, Nov 21 '25 09:11

There's not really much uv can do here, iirc all build frontends show build backend output on failure which is needed for debugging. Instead, secrets should be redacted from logging by the CI provider, e.g. with https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable. GitHub Actions has a Secrets feature, where all secrets are added through a dedicated interface and automatically redacted, but I couldn't find the same mechanism in GitLab CI during a quick search.

konstin, Nov 21 '25 09:11

I'd also report this to that package, they shouldn't dump all of your environment.

zanieb, Nov 21 '25 16:11

I wouldn't be opposed to a UV_HIDE_BUILD_LOGS option, I guess?

zanieb, Nov 21 '25 16:11

@zanieb Something like that would be great. I reported it to the pymupdf package also, as you suggested. I am not sure how to mask secrets loaded into env variables from an external secret manager such as Google Cloud; I don't think that is possible in GitLab, sadly.

matyx44, Nov 25 '25 08:11
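As an added example (not uv's code and not from anyone in this thread), here is the job-level mitigation the discussion points at: a wrapper that runs uv sync and masks the values of secret-looking environment variables before build output reaches the job log, which also covers values injected from an external secret manager that the CI provider never sees as masked variables. The variable-name pattern, the minimum length and the [MASKED] marker are assumptions of this example, and it also masks the repr-escaped form of each value because print(os.environ) emits values as Python string literals.

```python
"""Redact secret-looking environment values from a build command's output."""
import os
import re
import subprocess
import sys

# Heuristic (assumption of this example): variables whose names contain one of
# these words are treated as secrets and their values are masked in the output.
SECRET_NAME_RE = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|KEY|CREDENTIAL", re.IGNORECASE)
MIN_LEN = 6  # very short values ("1", "yes") would mangle ordinary output if masked


def secret_values(env: dict[str, str]) -> list[str]:
    """Values of secret-looking variables, longest first so that a value that is
    a prefix of another one cannot leave a partial secret behind."""
    vals = {v for k, v in env.items() if SECRET_NAME_RE.search(k) and len(v) >= MIN_LEN}
    return sorted(vals, key=len, reverse=True)


def redact(line: str, values: list[str]) -> str:
    """Replace each secret value, raw and as printed by repr()/print(os.environ)
    (e.g. a newline inside a key becomes the two characters \\n), with a marker."""
    for v in values:
        for form in (v, repr(v)[1:-1]):  # strip the quotes repr() adds around the literal
            line = line.replace(form, "[MASKED]")
    return line


def run_redacted(cmd: list[str], env: dict[str, str], out=sys.stdout) -> int:
    """Run cmd with env, stream its combined stdout/stderr through redact(), return its exit code."""
    values = secret_values(env)
    proc = subprocess.Popen(cmd, env=env, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True)
    for line in proc.stdout:
        out.write(redact(line, values))
    return proc.wait()


if __name__ == "__main__":
    # e.g. in .gitlab-ci.yml: python redact_build.py uv sync
    sys.exit(run_redacted(sys.argv[1:] or ["uv", "sync"], dict(os.environ)))
```

Name-based matching is a heuristic; a secret stored under a name the pattern does not cover is not masked, so the CI provider's own masking remains the first line of defence.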