I have a private repository configured in my Pipfile, which specifies credentials via environment variables in the manner described in the pipenv user guide:
[[source]]
url = "https://${JFROG_USERNAME}:${JFROG_PASSWORD}@myorg.jfrog.io/myorg/api/pypi/myrepo/simple"
verify_ssl = true
name = "myrepo"
Upon running 'pipenv install', when a package cannot be found at the remote index, pipenv prints the following message with environment variables fully expanded:
No versions found
Were https://pypi.org/simple or https://XXXXX:[email protected]/myorg/api/pypi/myrepo/simple reachable?
Expected result
I expected that credentials and other secrets specified via environment variables would remain unexpanded in stdout/stderr messages, such that secrets aren't leaked via CI logs when errors occur.
Steps to replicate
1. Create a Pipfile that points to a remote index with credentials specified via environment variables
2. Specify a package dependency that you know does not exist
3. Run 'pipenv install'
4. Observe expansion of environment variables in error output
$ pipenv --support
Pipenv version: '2018.10.13'
Pipenv location: '/home/spiderkeys/.local/lib/python3.6/site-packages/pipenv'
Python location: '/usr/bin/python3'
Python installations found:
  3.7.1: /home/spiderkeys/.pyenv/versions/3.7.1/bin/python3.7
  3.7.1: /home/spiderkeys/.pyenv/versions/3.7.1/bin/python3.7m
  3.6.6: /usr/bin/python3.6
  3.6.6: /usr/bin/python3.6m
  2.7.15: /home/spiderkeys/.pyenv/versions/2.7.15/bin/python2.7
  2.7.15rc1: /usr/bin/python2.7
PEP 508 Information:
System environment variables:
Pipenv–specific environment variables:
Debug–specific environment variables:
  PATH: /home/spiderkeys/.pyenv/bin:/home/spiderkeys/.cargo/bin:/home/spiderkeys/.cargo/bin:/home/spiderkeys/.cargo/bin:/home/spiderkeys/.cargo/bin:/home/spiderkeys/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
  SHELL: /bin/bash
  LANG: en_US.UTF-8
  PWD: /home/spiderkeys/myorg/production/utils/test_project
Contents of Pipfile ('/home/spiderkeys/myorg/production/utils/test_project/Pipfile'):
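One way to get the behaviour the report asks for, as an added example (not pipenv's code and not part of the original issue): keep the unexpanded Pipfile URL for anything that is printed, expand it only when building the request, and mask userinfo in any already-expanded URL that reaches a log. `IndexSource`, `mask_url_credentials` and `unreachable_message` are hypothetical names, and the credential values used with them are constructed.

```python
import os
import re
from urllib.parse import urlsplit, urlunsplit

# URL template as written in the Pipfile from the report.
SOURCE_URL = (
    "https://${JFROG_USERNAME}:${JFROG_PASSWORD}"
    "@myorg.jfrog.io/myorg/api/pypi/myrepo/simple"
)


class IndexSource:
    """Holds the unexpanded template for display; expands only on demand."""

    def __init__(self, template, env=None):
        self.template = template
        self._env = os.environ if env is None else env

    def request_url(self):
        # Expanded form: hand this to the HTTP client only, never to a logger.
        return re.sub(
            r"\$\{(\w+)\}",
            lambda m: self._env.get(m.group(1), m.group(0)),
            self.template,
        )

    def __str__(self):
        # Display form: variable names stay visible, their values do not.
        return self.template


def mask_url_credentials(text):
    """Fallback for text that already contains expanded URLs (for example an
    exception message from a lower layer): replace the userinfo with ****."""

    def _mask(match):
        parts = urlsplit(match.group(0))
        _userinfo, at, hostport = parts.netloc.rpartition("@")
        if not at:
            return match.group(0)  # no credentials embedded in this URL
        return urlunsplit(parts._replace(netloc="****@" + hostport))

    return re.sub(r"https?://[^\s'\"]+", _mask, text)


def unreachable_message(sources):
    # Hypothetical helper using the wording of the message in the report.
    return "Were {} reachable?".format(" or ".join(str(s) for s in sources))
```

In CI, the masking function can also be attached as a last-resort filter on the logger so that URLs expanded by third-party code are covered too.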