Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not print out NODE_AUTH_TOKEN #1053

Open
mobilutz opened this issue Dec 13, 2022 · 1 comment
Open

Do not print out NODE_AUTH_TOKEN #1053

mobilutz opened this issue Dec 13, 2022 · 1 comment
Labels
enhancement

Comments

@mobilutz
Copy link

During heroku build phase, this buildpacks prints out the runtime environments like so:

-----> Creating runtime environment

       NPM_CONFIG_LOGLEVEL=error
       USE_YARN_CACHE=true
       NODE_VERBOSE=false
       NODE_ENV=production
       NODE_AUTH_TOKEN=REDACTED
       NODE_MODULES_CACHE=true

I redacted the content of NODE_AUTH_TOKEN manually here, and I would love to see this done by the buildpack.

Yes I do know, that one can still see the config-var when looking at them through settings. But having them printed here in the logs in not a good practice, as I can easily be copied and posted by someone not knowing what this is.

I don't think I will find time to look and work on this, but maybe in the future when there is no PullRequest yet I will tackle this.
@colincasey
Copy link
Contributor

@mobilutz the code that prints out the environment variables will log any environment variable that starts with NODE_ (see here) which is why it is printing NODE_AUTH_TOKEN. If you rename that config var to AUTH_TOKEN or something like that then you should no longer see it printed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@colincasey @mobilutz