Leaked content of comments when `debug: true`
Given this configuration
require('dotenv').config({ debug: true })
and this .env
#Local
DATABASE_URL=postgresql://user:password@localhost:5432/database
#Production
#DATABASE_URL=postgresql://user:password@pg-db-provision.id.eu-central-1.rds.amazonaws.com:5432/database
Dotenv output will show
[dotenv][DEBUG] did not match key and value when parsing line 1: #Local
[dotenv][DEBUG] did not match key and value when parsing line 1: #Production
[dotenv][DEBUG] did not match key and value when parsing line 1: #DATABASE_URL=postgresql://user:password@pg-db-provision.id.eu-central-1.rds.amazonaws.com:5432/database
Leaking the secret into the logs 😨
I see a PR that could solve this, about removing comments from the DEBUG logs, was opened and then closed: https://github.com/motdotla/dotenv/pull/404 @maxbeatty What do you think about this in this new light?
(Context: https://github.com/prisma/prisma/issues/9428)
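The leak described above, as an added example that is not dotenv's own code: a simplified KEY=VALUE parser whose debug path echoes every non-matching line verbatim (the reported behaviour), next to a hardened variant that skips comment lines silently and reports a genuinely malformed line by number only. The sample .env is constructed from the issue's snippet with a placeholder password, and goes one step past the issue by adding a malformed line (missing `=`) so the hardened variant still has something useful to report. The matching regex is a simplification and is an assumption, not dotenv's real one.

```javascript
// Added example, not dotenv's own code: a simplified KEY=VALUE parser that
// reproduces the leak reported in the issue next to a hardened variant.
// SAMPLE_ENV is constructed from the issue's .env (placeholder password),
// plus one malformed line (no '=') to show what the safe variant still logs.

const SAMPLE_ENV = [
  '#Local',
  'DATABASE_URL=postgresql://user:password@localhost:5432/database',
  '#Production',
  '#DATABASE_URL=postgresql://user:password@pg-db-provision.id.eu-central-1.rds.amazonaws.com:5432/database',
  'DATABASE_URL postgresql://user:password@localhost:5432/database', // constructed: missing '='
].join('\n');

// Simplified matcher; assumption: the real dotenv regex handles quoting and
// more edge cases, which do not matter for the point shown here.
const KEY_VAL = /^\s*([\w.-]+)\s*=\s*(.*)?\s*$/;

// Leaky behaviour: every line that does not match is echoed verbatim into the
// debug log, so a commented-out production URL ends up in the logs.
function parseLeaky(src, { debug = false } = {}) {
  const env = {};
  const logs = [];
  src.split(/\r?\n/).forEach((line, idx) => {
    const m = line.match(KEY_VAL);
    if (m) {
      env[m[1]] = (m[2] || '').trim();
    } else if (debug) {
      logs.push(`[dotenv][DEBUG] did not match key and value when parsing line ${idx + 1}: ${line}`);
    }
  });
  return { env, logs };
}

// Hardened behaviour: comments and blank lines are skipped silently, and a
// genuinely malformed line is reported by line number only. The raw content
// never reaches the log, so a secret on that line cannot leak through it.
function parseSafe(src, { debug = false } = {}) {
  const env = {};
  const logs = [];
  src.split(/\r?\n/).forEach((line, idx) => {
    const trimmed = line.trim();
    if (trimmed === '' || trimmed.startsWith('#')) return;
    const m = line.match(KEY_VAL);
    if (m) {
      env[m[1]] = (m[2] || '').trim();
    } else if (debug) {
      logs.push(`[dotenv][DEBUG] did not match key and value when parsing line ${idx + 1} (content withheld)`);
    }
  });
  return { env, logs };
}

// Does any debug line contain the given secret fragment?
function leaksSecret(logs, secret) {
  return logs.some((entry) => entry.includes(secret));
}

const leakyDemo = parseLeaky(SAMPLE_ENV, { debug: true });
const safeDemo = parseSafe(SAMPLE_ENV, { debug: true });
console.log(leakyDemo.logs.join('\n'));
console.log(safeDemo.logs.join('\n'));
console.log('leaky log exposes production password:', leaksSecret(leakyDemo.logs, 'password@pg-db-provision'));
console.log('safe log exposes production password: ', leaksSecret(safeDemo.logs, 'password@pg-db-provision'));
```

Both variants load the same `DATABASE_URL`; only the debug output differs. The hardened variant keeps the one thing a debug log is for (which line failed to parse) and drops the one thing that turns a debug flag into a credential leak (the line's content).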
The debug feature needs a fresh pass. It's being used for a different reason than it was originally intended.
We will improve it soon. It includes requests here as well:
I don't participate in maintaining this repository anymore, but you asked what I think so I'll tell you I think you're solving the wrong problem 😸 The intention of the debug option for dotenv is to help understand why you might not be getting the expected values assigned to process.env. It is not intended as a general logging tool. The problem you should be solving is how to separate your local and production secrets so they are not together in the same file. I know it's easier, but it's also less secure. Ideally, your production and other hosted environments don't use .env files at all. There are lots of great secure secret management tools out there. Further, I wouldn't allow connections to RDS outside of a VPC, but I digress.
Good luck! Hope you all find a solution that works for everyone ✌🏼