Page MenuHomePhabricator
Create Task
Maniphest T332817

Improve awareness of sensitive content in helmfile output
Open, Needs TriagePublic
Actions

Description

I added a warning to the Kubernetes/Deployments wikitech page.

But maybe we could also consider a small shell script that provides a warning and a prompt on the server before calling helmfile, so e.g. we'd tell people to run a script called wm-helmfile:

$ wm-helmfile -e eqiad -i apply --context 5
$ NOTE: The output of this command can contain sensitive information like usernames and API keys. Use caution when sharing its output. Continue? (y/n)
$ {helmfile is invoked with arguments}

Other ideas to warn/notify people in context of the command they are running?

The context for this task is T332598.

Related Objects

Event Timeline

kostajh created this task.Mar 22 2023, 8:05 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 22 2023, 8:05 PM
Volans mentioned this in T332598: changeprop-jobqueue password leaked on phabricator.Mar 27 2023, 7:51 AM
Krinkle subscribed.Mar 29 2023, 10:16 PM

I don't know the specific context here, but, I want to add that it is possible to wrap a command under the same name. Typically this is done by referencing the full path of the provisioned and executable from another shell PATH entry that has higher more local precedence.

Reasons to avoid this include if the modification in question is interactive and non-optional in ways that would break automated use. I don't know if that's the case here. (Eg when piped or otherwise scripted.) it's usually possible to detect whether one is in an interactive shell and then behave the same as normal etc.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits