Report a Dgraph Bug
The online restore exposes credentials in the log in clear text.
What version of Dgraph are you using?
- commit
f9d045acd(release/v21.03)
Have you tried reproducing the issue with the latest release?
n/a
What is the hardware spec (RAM, OS)?
- Ubuntu 20.04 from docker image
Steps to reproduce the issue (comm
- Given an existing backup:
## Using same credentials used for backup/restore $ aws s3 ls --profile dgraph-dev-backups s3://dgraph-dev-backups/test/backup/ # Output # PRE dgraph.20210405.192711.054/ # 2021-04-05 12:27:12 3084 manifest.json - Do an online restore on a fresh Dgraph cluster (real credentials obfuscated):
mutation { restore(input:{ location: "s3://s3.us-east-2.amazonaws.com/dgraph-dev-backups/test/backup" accessKey: "AKIAXXXXXXXXXXXXXXXX" secretKey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }) { message code } }
Expected behaviour and actual result.
Expected
There would be no secrets in the logs. Example:
E0405 19:31:22.343728 20 draft.go:720] Applying proposal. Error: cannot write backup: cannot write backup: Stat failed "dgraph.20210405.192711.054/r38-g1.backup": The specified key does not exist.. Proposal: {"<nil>" [] "<nil>" "" "<nil>" "<nil>" 'd' '\x00' "group_id:1 restore_ts:40 location:\"s3://s3.us-east-2.amazonaws.com/dgraph-dev-backups/test/backup\" access_key:\"*****\" secret_key:\"*****\" " "<nil>" "<nil>"}.
Actual
You can see this in the logs (real credentials obfuscated):
E0405 19:31:22.343728 20 draft.go:720] Applying proposal. Error: cannot write backup: cannot write backup: Stat failed "dgraph.20210405.192711.054/r38-g1.backup": The specified key does not exist.. Proposal: {"<nil>" [] "<nil>" "" "<nil>" "<nil>" 'd' '\x00' "group_id:1 restore_ts:40 location:\"s3://s3.us-east-2.amazonaws.com/dgraph-dev-backups/test/backup\" access_key:\"AKIAXXXXXXXXXXXXXXXX\" secret_key:\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\" " "<nil>" "<nil>"}.