Exposed password in terraform apply

Question

Exposed password in terraform apply

Closed this issue 7 months ago · 1 comments

Describe the bug
exposed password for an mke user created using the provider

To Reproduce
Steps to reproduce the behavior:

Attempt to create a new user that already exists

Expected behavior
we should simply receive the error:

Error: Create account error
│
│ with mke_user.this,
│ on main.tf line 9, in resource "mke_user" "this":
│ 9: resource "mke_user" "this" {
│
│ creating account deployuser failed.

however we see see the entire api request that failed (which exposes the password within it):

│ Error: Create account error
│
│ with mke_user.this,
│ on main.tf line 9, in resource "mke_user" "this":
│ 9: resource "mke_user" "this" {
│
│ creating account deployuser failed. request returned ResponseError in MKE
│ client: Status code: 400 : {
│ "errors": [
│ {
│ "code": "ACCOUNT_EXISTS",
│ "message": "An account with the same name already exists."
│ }
│ ]
│ }
│ req: {
│
│ "headers": {
│
│ "Authorization": [
│
│ "Bearer c61f559c-a2b9-45f5-a0ed-68114602039f"
│
│ ],
│
│ "Content-Type": [
│
│ "application/json"
│
│ ]
│
│ },
│
│ "body": "{"name":"usernameExposed","id":"","password":"passwordExposed","isActive":true}"
│
│ }

Answer 1 · 2024-01-27T18:28:42.000Z

Stale issue message