
Redaction manipulates actual secrets in debug mode

Open dkundel opened this issue 4 years ago • 0 comments

Actual Behavior

If you deploy a project with -l debug that contains any of these keywords here as names of environment variables

https://github.com/twilio-labs/serverless-toolkit/blob/250165bbf672a43cc9d17ce34ba860f98e37f326/packages/twilio-run/src/utils/debug.ts#L20-L28

The environment variables will be uploaded as [REDACTED] instead.

Expected Behavior

The environment variables get uploaded the exact way they are referenced but the logs show them as [REDACTED].

How to Reproduce

twilio serverless:init sample
cd sample
echo "API_SECRET=something" >> .env
twilio serverless:deploy -l debug
twilio serverless:env:get --key API_SECRET
# shows [REDACTED]
twilio serverless:deploy
twilio serverless:env:get --key API_SECRET
# shows actual value something
# both should be "something"

Versions

Node.js: 12.22.1
@twilio/runtime-handler: 1.1.3
@twilio-labs/plugin-serverless: 2.2.2

dkundel, Aug 17 '21 17:08
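The failure mode reported above, sketched as an added example that is not part of the original issue and is not the toolkit's code: a log redactor that masks values in place changes the object that is later uploaded, while one that masks a copy leaves it intact. The keyword list, `deployEnv`, and all other names here are assumptions made for illustration.

```typescript
// Constructed keyword list for illustration; the project's real list is in the linked debug.ts.
const SENSITIVE = ["SECRET", "TOKEN", "PASSWORD"];
const MASK = "[REDACTED]";
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
type Obj = { [k: string]: Json };

const isSensitive = (key: string): boolean =>
  SENSITIVE.some((word) => key.toUpperCase().includes(word));

// Before: masks in place, so the caller's object (the one uploaded later) is changed too.
function redactInPlace(obj: Obj): Obj {
  for (const key of Object.keys(obj)) {
    const value = obj[key];
    if (isSensitive(key)) obj[key] = MASK;
    else if (value !== null && typeof value === "object" && !Array.isArray(value)) redactInPlace(value);
  }
  return obj;
}

// After: builds a masked copy for the logger and never writes to its input.
function redactCopy(value: Json): Json {
  if (Array.isArray(value)) return value.map((item) => redactCopy(item));
  if (value !== null && typeof value === "object") {
    const out: Obj = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = isSensitive(key) ? MASK : redactCopy(inner);
    }
    return out;
  }
  return value;
}

// Hypothetical deploy step: debug-log the config, then return what would be uploaded.
function deployEnv(config: { env: Obj }, redact: (c: any) => Json, log: (line: string) => void): Obj {
  log(JSON.stringify(redact(config)));
  return config.env;
}

// Runs the same constructed config through both redactors and collects the results.
function demo() {
  const logs: string[] = [];
  const log = (line: string): void => { logs.push(line); };
  const buggy = deployEnv({ env: { API_SECRET: "something" } }, redactInPlace, log);
  const fixed = deployEnv({ env: { API_SECRET: "something" } }, redactCopy, log);
  return { buggy, fixed, logs };
}
```

A regression test for this class of bug compares the uploaded value with the input after a debug-level run, in addition to checking that the log line is masked.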