API key shows in --debug output

Open michaelcoyote opened this issue 6 years ago • 2 comments

Is your feature request related to a problem? Please describe.

The --debug output of the fossa CLI commands contains the unredacted API key, which may be a security risk.

Describe the solution you'd like

Remove or redact the API key in the --debug output, or clearly mark in the documentation that running --debug exposes the API key.

Describe alternatives you've considered

No known workaround other than forgoing use of --debug.

Using a write-only API key might be a possibility.

michaelcoyote avatar Oct 17 '19 21:10 michaelcoyote

Listed as ANE-147 in our internal ticket tracker.

zlav avatar May 20 '22 23:05 zlav

Hi @michaelcoyote, we've patched the CLI to redact API keys from the debug bundle with release: https://github.com/fossas/fossa-cli/releases/tag/v3.2.7.

Please let us know if the issue persists.

meghfossa avatar Sep 15 '22 16:09 meghfossa
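
One way to implement the redaction requested in this issue, as an added example that is not fossa-cli's own code: a Go writer placed in front of the debug log sink that masks a known API key, including when the key arrives split across two writes. The type and function names, the key and the log line are constructed for illustration, and the key is assumed to contain no newline.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// RedactingWriter masks a known secret. It holds output back until a newline
// arrives, so a key split across two Write calls is still matched.
type RedactingWriter struct {
	out    io.Writer
	secret []byte // assumed to contain no newline
	buf    []byte
}

func (w *RedactingWriter) Write(p []byte) (int, error) {
	w.buf = append(w.buf, p...)
	// Emit only complete lines; the unfinished tail stays buffered.
	return len(p), w.emit(bytes.LastIndexByte(w.buf, '\n') + 1)
}

// Flush writes out the buffered tail; call it before the program exits.
func (w *RedactingWriter) Flush() error { return w.emit(len(w.buf)) }

// emit redacts and writes the first n buffered bytes, then drops them.
func (w *RedactingWriter) emit(n int) error {
	b := w.buf[:n]
	if len(w.secret) > 0 { // an empty pattern would match between every byte
		b = bytes.ReplaceAll(b, w.secret, []byte("<REDACTED>"))
	}
	_, err := w.out.Write(b)
	w.buf = append(w.buf[:0], w.buf[n:]...)
	return err
}

// redactChunks feeds chunks through the writer and returns what came out.
func redactChunks(secret string, chunks ...string) string {
	var out bytes.Buffer
	w := &RedactingWriter{out: &out, secret: []byte(secret)}
	for _, c := range chunks {
		io.WriteString(w, c)
	}
	w.Flush()
	return out.String()
}

func main() { // sample key and log line are constructed
	fmt.Print(redactChunks("k3y-constructed-0001", "DEBUG api_key=k3y-con", "structed-0001\n"))
}
```

A filter like this only catches the key in its literal form; an encoded copy (for example base64 inside a header) needs its own pattern.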