Describe the bug
When launching Phoenix using px.launch_app(use_temp=False), error logs display the full PostgreSQL connection string, including credentials in plain text. This poses a security risk, as credentials could be leaked in logs, especially in shared environments or CI/CD pipelines.
Example of the log output:
```
ERROR: Application startup failed. Exiting.
🌍 To view the Phoenix app in your browser, visit http://localhost:6006/
💽 Your data is being persisted to postgresql://postgres:pass@host-url:5432/data-warehouse
📖 For more information on how to use Phoenix, check out https://docs.arize.com/phoenix
```
(Note: The credentials in this message have been manually replaced, but they appear in plaintext in the actual logs.)
To Reproduce
Steps to reproduce the behavior:
1. Configure Phoenix to use a PostgreSQL database.
2. Set up environment variables, including the database URL (PHOENIX_SQL_DATABASE_URL).
3. Start the application using px.launch_app(use_temp=False).
4. Trigger an error (e.g., incorrect schema setup, missing tables).
5. Observe the logs displaying the full database connection string, including credentials.
Expected behavior
The logs should redact sensitive information from the database connection string. For example, instead of showing the full credentials, it should display something like:
💽 Your data is being persisted to postgresql://****:****@host-url:5432/data-warehouse
Screenshots
N/A
Environment (please complete the following information):
• OS: Windows 11
• Notebook Runtime: Python script (run_phoenix_app.py)
• Browser: N/A
• Version: Phoenix 7.9.2
Additional context
• This issue occurs when launching Phoenix using px.launch_app(use_temp=False). I have not tested whether the same happens with phoenix serve, as the error that triggered the log did not occur in that case.
• A fix should ensure that sensitive credentials are redacted before being logged.
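One way to produce the redacted form requested above, as an added example that is not part of the original issue and not Phoenix's own code. The names `redact_db_url` and `RedactDbUrlFilter`, the list of secret query keys, and the sample URLs other than the one quoted in the issue are assumptions made for illustration; reserved characters such as `/` in a password are assumed to be percent-encoded.

```python
import logging
import re
from urllib.parse import urlsplit

MASK = "****"
# Query keys that libpq-style URLs may carry secrets in (assumed list; extend as needed).
SECRET_PARAMS = {"user", "password", "sslpassword"}
# Anything that looks like scheme://... inside a free-text log message.
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://[^\s'\"<>]+")


def _mask_param(pair: str) -> str:
    """Mask the value of one key=value query pair if the key is sensitive."""
    key, sep, _ = pair.partition("=")
    return f"{key}={MASK}" if sep and key.lower() in SECRET_PARAMS else pair


def redact_db_url(url: str) -> str:
    """Return url with userinfo and secret query values masked."""
    parts = urlsplit(url)
    # rpartition: a raw "@" inside the password must not be read as the host separator.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if at:
        masked = f"{MASK}:{MASK}" if ":" in userinfo else MASK
        url = url.replace(f"//{parts.netloc}", f"//{masked}@{hostport}", 1)
    if parts.query:
        query = "&".join(_mask_param(p) for p in parts.query.split("&"))
        url = url.replace(f"?{parts.query}", f"?{query}", 1)
    return url


class RedactDbUrlFilter(logging.Filter):
    """Redact every URL in a record, including URLs passed as %-style args."""

    def filter(self, record: logging.LogRecord) -> bool:
        rendered = record.getMessage()  # msg % args, so args are covered too
        record.msg = URL_RE.sub(lambda m: redact_db_url(m.group(0)), rendered)
        record.args = None
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactDbUrlFilter())
    logging.basicConfig(level=logging.INFO, handlers=[handler])
    # Constructed sample message using the placeholder URL from the issue.
    logging.error("Your data is being persisted to %s",
                  "postgresql://postgres:pass@host-url:5432/data-warehouse")
```

Attaching the filter to a handler rather than a logger also covers records that propagate up from library loggers.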