Prevent oauth secrets from being exposed in logs via override messages #922

wo2wz · 2025-11-02T01:01:40Z

wo2wz
Nov 2, 2025

oauth secret options like OAUTH_OIDC_CLIENT_SECRET should be censored or suppressed in the environment variable override logs under normal circumstances, since with tools like systemd's journalctl it is possible to view them plainly, unprivileged.

diced · 2025-11-03T23:34:32Z

diced
Nov 3, 2025
Maintainer

this isn't something zipline needs to do, but rather your log viewing thing should be able to redact certain stuff, as well as making them unable to be viewed without the correct privileges.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Prevent oauth secrets from being exposed in logs via override messages #922

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Uh oh!

Prevent oauth secrets from being exposed in logs via override messages #922

Uh oh!

Uh oh!

wo2wz Nov 2, 2025

Replies: 1 comment

Uh oh!

Uh oh!

diced Nov 3, 2025 Maintainer

wo2wz
Nov 2, 2025

diced
Nov 3, 2025
Maintainer