Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Contributor II
2 weeks ago
2 weeks ago

AWS and Google Cloud command-line tools can expose secrets in CI/CD logs

Dear All,

 

Security researchers warn that certain commands executed in the AWS and Google Cloud command-line interfaces (CLIs) will return credentials and other secrets stored in environment variables as part of the standard output. If such commands are executed as part of build workflows in CI/CD tools the secrets will be included in the returned build logs.

AWS and Google Cloud consider this expected behavior and it is up to users to take steps to ensure sensitive command outputs are not saved in logs or that sensitive credentials are stored securely and not in environment variables. The Microsoft Azure CLI had a similar behavior but Microsoft flagged it as an information disclosure vulnerability and fixed it back in November.

 

https://www.csoonline.com/article/2092486/aws-and-google-cloud-command-line-tools-can-expose-secrets...

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSE | CISSP | PMP
Reply
0 Kudos
2 Replies
ericgeater
Community Champion
2 weeks ago
2 weeks ago

AWS and Google Cloud consider this expected behavior

 

That's one way to get your customers to correct bad behavior and clean up their repositories, I guess.

-----------
A claim is as good as its veracity.
Reply
Kyaw_Myo_Oo
Contributor II
2 weeks ago
2 weeks ago

Thank you for contributing your thoughts @ericgeater.

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSE | CISSP | PMP
Reply
0 Kudos