Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client: disallow pass-through of CONSUL_HTTP_TOKEN into tasks #7131

Closed
shoenig opened this issue Feb 12, 2020 · 3 comments
Closed

client: disallow pass-through of CONSUL_HTTP_TOKEN into tasks #7131

shoenig opened this issue Feb 12, 2020 · 3 comments
Assignees
@shoenig
Labels
theme/client theme/consul
Milestone
0.10.4

Comments

@shoenig
Copy link
Member

shoenig commented Feb 12, 2020

Nomad maintains a default list of environment variables that are filtered from the Nomad client's process when launching a task. Currently on this list are

  • CONSUL_TOKEN
  • VAULT_TOKEN
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SECRET_ACCESS_KEY
  • GOOGLE_APPLICATION_CREDENTIALS

In addition, we should filter CONSUL_HTTP_TOKEN, which is used by Consul CLI and Nomad CLI for some ACL privileged operations.
@shoenig shoenig self-assigned this Feb 12, 2020
@shoenig
Copy link
Member Author

shoenig commented Feb 12, 2020

#7129 surfaced & addresses this missing field

@shoenig
Copy link
Member Author

shoenig commented Feb 12, 2020

still TODO: make a note of this in the specific version upgrade details
https://www.nomadproject.io/guides/upgrade/upgrade-specific.html

@shoenig shoenig mentioned this issue Feb 13, 2020
Merged
@shoenig shoenig added this to the 0.10.4 milestone Feb 13, 2020
@shoenig shoenig closed this as completed Feb 13, 2020
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@shoenig shoenig

Labels
theme/client theme/consul
Projects
None yet
Milestone
0.10.4
Development

No branches or pull requests
1 participant
@shoenig