hetznercloud/csi-driver

Possible sensitive mount options are logged by the csi-driver

Closed this issue · 0 comments

lukasmetzner commented

TL;DR

We log the mount options with level info, which may contain sensitive information according to the CSI-Spec.

Expected behavior

Do not log sensitive information.

Observed behavior

According to the spec mount_flags may contain sensitive information. We always log mount options with level info.

Minimal working example

No response

Log output

No response

Additional information

Proposal:

  • Use MountSensitive here
  • Do not log all mount options here
  • Put all mount options from volume context into the sensitive options parameter when using FormatAndMountSensitiveWithFormatOptions in #747