GH Token is exposed in pod logs

Question

GH Token is exposed in pod logs

displague opened this issue 3 years ago · 0 comments

The GH Token is included in the emitted log output. With logs potentially being shipped to users or operators that should not have access to GH credentials, these secret values should be redacted from the logs.

I1108 13:29:14.352910       1 main.go:129] triage runtime config: {Cache:/root/.cache/triage-party Repos:[] DebugNumbers:[] GitHubAPIURL: GitHubToken:ghp_{token} GitLabToken:}