Sensitive info in output of `fly apps list`?

ehmatthes · November 30, 2023, 9:32pm

Hi, I’m building a tool to automate deployments. At one point I run fly apps list, to make sure I’m deploying against the correct app.

I want to log the output of fly apps list --json, but I won’t do that if it might show sensitive information. In my cursory scans of the output on a freshly deployed app, I don’t see any sensitive information. For example my app has 3 secrets, but I only see "Secrets": null, in the output.

Will fly apps list --json ever show sensitive information, or is it okay to log the output?

ben-io · November 30, 2023, 10:31pm

We will never log app secrets in plaintext. I don’t see anything in fly apps list --json that would be considered sensitive.

ehmatthes · November 30, 2023, 10:53pm

Thanks, that’s really helpful to know.

system · December 7, 2023, 10:54pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why is `fly secrets list` not showing the values?	3	2088	September 15, 2022
previously set secrets not showing with `fly secrets list`	1	171	September 17, 2023
Reading app secrets locally Questions / Help	3	1453	November 18, 2022
fly machine list --json output Questions / Help	1	294	July 5, 2022
App status possible values docs	0	305	December 1, 2022

Sensitive info in output of `fly apps list`?

Related topics