Merge pull request #2 from jspaleta/asset_token_envvar
Asset token envvar
Nikki Attea authored Jan 8, 2019
2 parents e8dcfbb + 688ad04 commit e585721
Showing 3 changed files with 24 additions and 6 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,8 @@ and this project adheres to [Semantic
Versioning](http://semver.org/spec/v2.0.0.html).

## Unreleased
### Added
- Use PAGERDUTY_TOKEN envvar for default value for accessToken, for security. This is a backwards compatible change.

## [1.0.1] - 2018-12-12
### Added
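
Review bot: The new entry names the setting "accessToken", but the flag this commit touches is `--token` and the Go variable is `authToken`, so someone searching the changelog for the flag will not find it. Suggest wording it as "Use the PAGERDUTY_TOKEN environment variable as the default for `--token`", and noting that the flag is no longer marked required, since that is also a behaviour change in this commit.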
10 changes: 8 additions & 2 deletions README.md
Expand Up @@ -29,7 +29,10 @@ Example Sensu Go handler definition:
},
"spec": {
"type": "pipe",
"command": "sensu-pagerduty-handler --token SECRET",
"command": "sensu-pagerduty-handler",
"env_vars": [
"PAGERDUTY_TOKEN=SECRET",
],
"timeout": 10,
"filters": [
"is_incident"
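
Review bot: In the example handler definition, the `env_vars` array has a trailing comma after `"PAGERDUTY_TOKEN=SECRET",`, which is not valid JSON, so the example cannot be pasted as written. Drop the comma. It is also worth stating next to the example that the token still sits in plain text inside the handler definition, so read access to that resource needs to be restricted.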
Expand Down Expand Up @@ -71,9 +74,12 @@ Usage:
Flags:
-h, --help help for sensu-pagerduty-handler
-t, --token string The PagerDuty V2 API authentication token
-t, --token string The PagerDuty V2 API authentication token, use default from PAGERDUTY_TOKEN env var
```

**Note:** Make sure to set the `PAGERDUTY_TOKEN` environment variable for sensitive credentials in production to prevent leaking into system process table. Please remember command arguments can be viewed by unprivileged users using commands such as `ps` or `top`. The `--token` argument is provided as an override primarily for testing purposes.

## Contributing

See https://github.com/sensu/sensu-go/blob/master/CONTRIBUTING.md
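
Review bot: The added note and the new `--token` description do not say what happens when neither `PAGERDUTY_TOKEN` nor `--token` is set; after this commit the handler prints help and fails with "authentication token is empty", and the usage section should say so. The description "use default from PAGERDUTY_TOKEN env var" would read more clearly as "defaults to the value of the PAGERDUTY_TOKEN environment variable", and in the note "to prevent leaking into system process table" should be "to keep it out of the system process table".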
18 changes: 14 additions & 4 deletions main.go
Expand Up @@ -31,13 +31,17 @@ func configureRootCommand() *cobra.Command {
RunE: run,
}

/*
Security Sensitive flags
- default to using envvar value
- do not mark as required
- manually test for empty value
*/
cmd.Flags().StringVarP(&authToken,
"token",
"t",
"",
"The PagerDuty V2 API authentication token")

_ = cmd.MarkFlagRequired("token")
os.Getenv("PAGERDUTY_TOKEN"),
"The PagerDuty V2 API authentication token, use default from PAGERDUTY_TOKEN env var")

return cmd
}
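
Review bot: Passing `os.Getenv("PAGERDUTY_TOKEN")` as the default value in `StringVarP` makes the token part of the flag's usage text: pflag renders a non-empty string default as `(default "...")`, so `--help` and any usage output would print the secret to the terminal or into handler output. Keep the default as `""` and, in `run`, fall back to `os.Getenv("PAGERDUTY_TOKEN")` when `authToken` is empty. The block comment can then state the precedence (flag first, environment second).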
Expand All @@ -48,6 +52,12 @@ func run(cmd *cobra.Command, args []string) error {
return fmt.Errorf("invalid argument(s) received")
}

if authToken == "" {
_ = cmd.Help()
return fmt.Errorf("authentication token is empty")

}

if stdin == nil {
stdin = os.Stdin
}
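
Review bot: The new empty-token check in `run` calls `cmd.Help()` and then returns an error; unless `SilenceUsage` is set on the command (not visible in this diff), cobra prints usage itself when `RunE` returns an error, so the help text is emitted twice. Returning the error alone is enough. The check also accepts a whitespace-only value, for example a `PAGERDUTY_TOKEN` that carries a trailing newline; comparing `strings.TrimSpace(authToken)` against `""` would catch that. The blank line before the closing brace of the `if` block should be removed.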
