RFC: openjd_redacted_env: setting environment variables containing sensitive info which should be redacted from logs #85
Description
- Pull Request: feat(rfc): Write RFC 0003 to propose a method for redacting sensitive… #86
- Original Issue: Ability to pass persisted environmental data/variables without echoing in the terminal - i.e. for secrets #62
Description
Setting environment variables in an openjd Environment such that they are persisted in subsequent actions run while the Environment is still active currently requires echoing them to stdout with the openjd_env: key=value format which exposes potentially sensitive information such as credentials to logs.
This RFC proposes a new token, openjd_redacted_env, which sets environment variables exactly like openjd_env but defaults to redacting the potentially sensitive information from logs.
Roles
| Role | User |
|---|---|
| Proposed By | @baxeaz |
| Author(s) | @baxeaz |
Workflow
- Tracking issue created (label:
rfc/proposed) - RFC pull request submitted and ready for discussion (label:
rfc/exploring) - Last call for comments (labels:
rfc/exploringandrfc/final-comments) - Accepted and merged RFC pull request (label:
rfc/accepted-future) - Green-light for inclusion in a draft specification, and the author is creating and iterating on pull requests (label:
rfc/accepted-draft) - Pull requests are merged in to a draft specification (label:
rfc/accepted-staged) - Officially published in a non-draft revision of the specification (label:
rfc/released)
Please close this tracking issue when the proposal enters the Released stage of the process.
Open Points
For easier discovery, especially if there is a lot of discussion on this issue, then please keep this section updated
with brief summaries and pointers to the main points of discussion.
The author is responsible to progress the RFC according to this checklist, and
apply the relevant labels to this issue.