image-builder icon indicating copy to clipboard operation
image-builder copied to clipboard
verified publisher icon kubernetes-sigs

Hide ssh_password from the log output

Open mcbenjemaa opened this issue 7 months ago • 8 comments

When you run image-builder on CI. The build job output a lot of information and logs the variables.

the logs also include the ssh_username and ssh_password.

    "ssh_password": "foobar",
    "ssh_username": "builder",

mcbenjemaa avatar May 12 '25 15:05 mcbenjemaa

@mcbenjemaa Could you please use the issue template when filing these.

Please make sure to include which providers / OS / Make target this is related to as those make a difference as to what it actually output.

AverageMarcus avatar May 13 '25 06:05 AverageMarcus

  • Provider: QEMU & Proxmox
  • OS: Ubuntu / Flatcar
  • target: e.g, make build-qemu-flatcar

mcbenjemaa avatar May 13 '25 09:05 mcbenjemaa

This is a two way sword. Masking the ssh_password, will remove possibilty to debug in case of issues.

sriramandev avatar May 19 '25 05:05 sriramandev

This is a two way sword. Masking the ssh_password, will remove possibilty to debug in case of issues.

I would say, unless a debug flag is set otherwise, mask the password.

mcbenjemaa avatar May 19 '25 08:05 mcbenjemaa

Packer supports this with sensitive variables

Lirt avatar May 21 '25 21:05 Lirt

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 19 '25 21:08 k8s-triage-robot

/remove-lifecycle stale

sriramandev avatar Aug 25 '25 08:08 sriramandev

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Nov 23 '25 09:11 k8s-triage-robot