From 1d0769c9e6a98d4c54055392e717c4a4b5731e0b Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Fri, 17 Apr 2026 20:22:30 +0000
Subject: [PATCH] Disable typer rich tracebacks to avoid secret leak in logs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Context
-------
Live run of `broker-sync trading212` hit a PermissionError and typer's rich traceback printed every local variable, including the cleartext WF_PASSWORD and the T212 api_key strings, into pod logs. Kubernetes pod logs are world-readable cluster-wide — that's a security incident.

This change
-----------
- Pass `pretty_exceptions_enable=False` to the typer.Typer constructor. Plain stdlib tracebacks don't dump frame locals.
- Rich is still available for help text; only crash formatting changes.

Follow-up in infra/stacks/broker-sync: add `security_context.fs_group = 10001` to every pod spec so the PVC is owned by the broker user (the original PermissionError that triggered the traceback was the broker user being unable to write /data/watermarks).

Test plan
---------
## Automated
- poetry run pytest -q → 70 passed
- poetry run mypy broker_sync tests → clean
- poetry run ruff check . → clean

## Manual Verification
Re-run the backfill Job after the image is rebuilt + the infra fsGroup change is applied.
---
 broker_sync/cli.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/broker_sync/cli.py b/broker_sync/cli.py
index 7e09fe5..ce4407a 100644
--- a/broker_sync/cli.py
+++ b/broker_sync/cli.py
@@ -14,7 +14,14 @@ import typer if TYPE_CHECKING: from broker_sync.models import Account -app = typer.Typer(help="broker-sync: pull brokerage activity into Wealthfolio") +app = typer.Typer( + help="broker-sync: pull brokerage activity into Wealthfolio", + # CRITICAL: rich tracebacks print all local variables on crash, which + # includes env-sourced credentials (WF_PASSWORD, T212_API_KEYS_JSON). + # Kubernetes pod logs are world-readable — leaking creds there is a + # security incident. Plain tracebacks only. + pretty_exceptions_enable=False, +) @app.command("version")
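Review bot: `pretty_exceptions_enable=False` in the `typer.Typer(...)` call turns off rich crash formatting entirely, while the risk the comment names (local variables dumped on crash) is controlled on its own by `pretty_exceptions_show_locals=False`; if plain stdlib tracebacks are the deliberate choice, the comment should say so rather than only "Plain tracebacks only.", and either way please add a regression test such as `assert app.pretty_exceptions_enable is False` so a later edit to the constructor cannot silently bring the locals dump back. Two smaller points on the same hunk: the comment cites `T212_API_KEYS_JSON` while the commit message speaks of the T212 api_key strings, so the comment should name whichever environment variable actually carries the key; and this flag only covers typer's own exception hook, so credentials held in plain `str` locals can still be rendered by any other code path that formats frame locals, which argues for keeping them in a type whose `repr` redacts the value.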
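The mechanism behind the incident, as an added stand-alone example rather than code from the broker-sync patch: a traceback renderer that captures frame locals prints the credential values, a renderer that does not capture them prints only the frames, and wrapping each credential in a type whose `repr` redacts it keeps the value out of the output even when locals are captured. It uses the stdlib `traceback.TracebackException(..., capture_locals=True)` as a stand-in for typer's rich traceback (same behaviour: every local is `repr()`'d into the crash output), so it runs without typer or rich installed. The `Secret` wrapper, the `write_watermark` function and the sample credential strings are constructed for this example and are not part of the project.

```python
"""Why a locals-dumping traceback leaks secrets, and two ways to stop it.

Added example, stdlib only. typer/rich are replaced by the stdlib's own
capture_locals flag, which renders frame locals the same way rich does.
"""
import traceback


class Secret:
    """Holds a credential but never reveals it through repr()/str().

    Assumed helper for this example; broker-sync does not ship this type.
    """

    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def get(self) -> str:
        # The only way to read the value is an explicit call.
        return self._value

    def __repr__(self) -> str:
        return "Secret('***')"

    # f-strings and logging %s use str(), so mask that path too.
    __str__ = __repr__


def write_watermark(path: str, wf_password, api_key) -> None:
    # Stand-in for the failing write in the commit message: the credentials
    # are live locals in this frame at the moment the exception is raised.
    raise PermissionError(13, "Permission denied", path)


def render_traceback(exc: BaseException, show_locals: bool) -> str:
    """Format a traceback the way an exception hook would.

    show_locals=True mirrors rich's default of printing every frame local.
    """
    te = traceback.TracebackException.from_exception(exc, capture_locals=show_locals)
    return "".join(te.format())


def crash_and_render(wf_password, api_key, show_locals: bool) -> str:
    """Trigger the PermissionError and return the rendered crash output."""
    try:
        write_watermark("/data/watermarks", wf_password, api_key)
    except PermissionError as exc:
        return render_traceback(exc, show_locals)
    raise AssertionError("expected PermissionError")


# Constructed sample credentials for the demonstration, not real ones.
PASSWORD = "hunter2-wf"
API_KEY = "t212-abc123"


def leaked(rendered: str) -> bool:
    """True if either credential value appears verbatim in the output."""
    return PASSWORD in rendered or API_KEY in rendered


if __name__ == "__main__":
    # Locals captured, plain str credentials: the values are in the output.
    print(leaked(crash_and_render(PASSWORD, API_KEY, show_locals=True)))
    # Locals not captured (the patch's choice): only frames and the message.
    print(leaked(crash_and_render(PASSWORD, API_KEY, show_locals=False)))
    # Locals captured, but credentials wrapped: repr() shows Secret('***').
    print(leaked(crash_and_render(Secret(PASSWORD), Secret(API_KEY), show_locals=True)))
```

The third case is the defence-in-depth the patch does not include: disabling the locals dump closes one path, while a redacting wrapper also protects against `logger.exception(...)` handlers, `rich.traceback.install(show_locals=True)` elsewhere in the process, or a stray `print(config)`. Note that the wrapper only helps if the raw string is never bound to a local under another name, for example via `password = secret.get()` held across a call that can raise.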