Disable typer rich tracebacks to avoid secret leak in logs
Context ------- Live run of `broker-sync trading212` hit a PermissionError and typer's rich traceback printed every local variable, including the cleartext WF_PASSWORD and the T212 api_key strings, into pod logs. Kubernetes pod logs are world-readable cluster-wide — that's a security incident. This change ----------- - Pass `pretty_exceptions_enable=False` to the typer.Typer constructor. Plain stdlib tracebacks don't dump frame locals. - Rich is still available for help text; only crash formatting changes. Follow-up in infra/stacks/broker-sync: add `security_context.fs_group = 10001` to every pod spec so the PVC is owned by the broker user (the original PermissionError that triggered the traceback was the broker user being unable to write /data/watermarks). Test plan --------- ## Automated - poetry run pytest -q → 70 passed - poetry run mypy broker_sync tests → clean - poetry run ruff check . → clean ## Manual Verification Re-run the backfill Job after the image is rebuilt + the infra fsGroup change is applied.
This commit is contained in:
Viktor Barzin
parent
66cf0e0399
commit
1d0769c9e6
1 changed files with 8 additions and 1 deletions
|
|
@ -14,7 +14,14 @@ import typer
|
|||
if TYPE_CHECKING:
|
||||
from broker_sync.models import Account
|
||||
|
||||
app = typer.Typer(help="broker-sync: pull brokerage activity into Wealthfolio")
|
||||
app = typer.Typer(
|
||||
help="broker-sync: pull brokerage activity into Wealthfolio",
|
||||
# CRITICAL: rich tracebacks print all local variables on crash, which
|
||||
# includes env-sourced credentials (WF_PASSWORD, T212_API_KEYS_JSON).
|
||||
# Kubernetes pod logs are world-readable — leaking creds there is a
|
||||
# security incident. Plain tracebacks only.
|
||||
pretty_exceptions_enable=False,
|
||||
)
|
||||
|
||||
|
||||
@app.command("version")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue