
Redact secret parameter values from environment variables sent over the backchannel #18089

Open: shauryalowkeygotaura wants to merge 1 commit into microsoft:main from shauryalowkeygotaura:fix/describe-secret-env-values

@shauryalowkeygotaura

Contributor

Description

Fixes #17616

aspire describe --format json (and other CLI surfaces fed by the auxiliary backchannel, including the MCP resource tools) emitted the plaintext value of a ParameterResource marked secret: true whenever that parameter was consumed by another resource via WithEnvironment(name, secretParam). The parameter resource's own Value property is already redacted at the producer (IsSensitive → null), but the resolved value flowing into dependent resources' environment dictionaries was not.

AuxiliaryBackchannelRpcTarget now collects the resolved values of secret parameters in the application model and redacts (nulls) any environment variable value that matches one of them, before snapshots leave the AppHost. This means every backchannel consumer is covered, not just describe.

Notes on the approach:

  • The collection peeks at already-resolved values only (WaitForValueTcs.Task.IsCompletedSuccessfully); it never triggers parameter resolution, so it cannot block on an interaction prompt. If a secret value hasn't been resolved yet, it also cannot have flowed into anyone's environment.
  • Redaction to null is consistent with the existing handling of sensitive resource properties and SecretText command arguments.
  • Known limitation (called out in the issue): values that embed a secret (e.g. a connection string built from a ReferenceExpression) are not caught by exact-value matching. That likely needs provenance tracking on EnvironmentVariableSnapshot and could be a follow-up.

Testing

  • Added GetResourceSnapshotsAsync_RedactsSecretParameterValuesInEnvironmentVariables to AuxiliaryBackchannelRpcTargetTests, modeled on the existing GetResourceSnapshotsAsync_MapsSnapshotData test: secret parameter value is redacted, a non-secret parameter's value and unrelated values pass through unchanged.
  • Aspire.Hosting builds clean locally with the change. I wasn't able to run the full Aspire.Hosting.Tests project in my environment (unrelated test-asset build issue in TestProject.IntegrationServiceA), so relying on CI for the test run.

🤖 Generated with Claude Code
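
A minimal model of the exact-value redaction described in this PR, added here as an illustration and not taken from the PR or from Aspire. Redactor, the tuple shape and all sample values are hypothetical, and skipping empty secret values is this example's own assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed parameters: (resolved value, or null if not resolved yet; marked secret?)
var parameters = new (string? Value, bool Secret)[]
{
    ("s3cr3t-value", true),   // resolved secret
    (null, true),             // unresolved secret: nothing to match, nothing to wait for
    ("public-value", false),  // non-secret parameter
};

// Constructed environment of a dependent resource.
var env = new Dictionary<string, string?>
{
    ["DB_PASSWORD"] = "s3cr3t-value",                 // exact match: redacted
    ["REGION"] = "public-value",                      // non-secret: passes through
    ["CONNECTION"] = "Host=db;Password=s3cr3t-value", // embeds the secret: NOT caught
};

var secrets = Redactor.CollectSecrets(parameters);
foreach (var (name, value) in Redactor.Redact(env, secrets))
{
    Console.WriteLine($"{name} = {value ?? "<redacted>"}");
}

static class Redactor
{
    // Peek at already-resolved secret values only. Empty values are skipped
    // (assumption of this example) so an empty secret cannot blank out every
    // empty variable. Ordinal comparison keeps the match exact.
    public static HashSet<string> CollectSecrets(
        IEnumerable<(string? Value, bool Secret)> parameters) =>
        parameters.Where(p => p.Secret && !string.IsNullOrEmpty(p.Value))
                  .Select(p => p.Value!)
                  .ToHashSet(StringComparer.Ordinal);

    // Null out any value equal to a collected secret before it leaves the process.
    public static Dictionary<string, string?> Redact(
        IReadOnlyDictionary<string, string?> env, HashSet<string> secrets) =>
        env.ToDictionary(
            kv => kv.Key,
            kv => kv.Value is not null && secrets.Contains(kv.Value) ? null : kv.Value);
}
```

The CONNECTION entry shows the known limitation from the description: exact-value matching leaves a value that embeds the secret untouched.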

…he backchannel

aspire describe --format json emitted the plaintext value of secret
parameters whenever the parameter was consumed by another resource via
WithEnvironment. The parameter resource's own Value property is already
redacted (IsSensitive), but the resolved value flowing into dependent
resources' environment dictionaries was not.

The auxiliary backchannel RPC target now collects the resolved values of
secret parameters (peeking at already-resolved values only, never
triggering resolution) and redacts matching environment variable values
before snapshots leave the AppHost.

Fixes microsoft#17616

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 10, 2026 14:07
@github-actions

Contributor

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 18089

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 18089"

Copilot AI left a comment

Contributor

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR adds redaction of secret parameter values from environment variables when resource snapshots are sent through the backchannel RPC, preventing secrets from leaking through clients like aspire describe --format json.

Changes:

  • Adds GetResolvedSecretParameterValues() to collect resolved secret parameter values from the application model.
  • Modifies environment variable mapping in snapshot building to null out values that match any resolved secret parameter value.
  • Adds a test verifying that secret parameter values are redacted while non-secret values remain visible.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/Aspire.Hosting/Backchannel/AuxiliaryBackchannelRpcTarget.cs | Adds value-based redaction of secret parameters in environment variable snapshots |
| tests/Aspire.Hosting.Tests/Backchannel/AuxiliaryBackchannelRpcTargetTests.cs | Adds test for secret parameter value redaction |

// Build environment variables
// Build environment variables. Values that match a secret parameter's value are
// redacted so secrets don't leak through clients (e.g. aspire describe --format json).
var secretParameterValues = GetResolvedSecretParameterValues();
{
Name = e.Name,
Value = e.Value,
Value = e.Value is not null && secretParameterValues.Contains(e.Value) ? null : e.Value,
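Review bot: The exact-match test in "secretParameterValues.Contains(e.Value) ? null : e.Value" also nulls out any unrelated variable whose value happens to equal a secret's value, which matters most if a secret parameter resolves to an empty or very common string. Consider excluding empty values when GetResolvedSecretParameterValues() builds the set and making the comparison explicitly ordinal. The new comment should also say that values embedding a secret are not covered, so a later reader does not take the redaction to be complete.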
Comment on lines +350 to +354
EnvironmentVariables = [
new EnvironmentVariableSnapshot("DB_PASSWORD", "s3cr3t-value", true),
new EnvironmentVariableSnapshot("REGION", "public-value", true),
new EnvironmentVariableSnapshot("PLAIN_VAR", "plain-value", true)
]
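Review bot: The EnvironmentVariables fixture covers one exact match (DB_PASSWORD) and two values that differ from the secret, so nothing pins down the documented limitation or the edge cases. Add an entry whose value embeds the secret, for example "Password=s3cr3t-value", and assert its current behaviour, plus a case where the secret parameter has not been resolved yet, so a later change to the matching logic shows up in this test.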
@davidfowl

Contributor

Generated with Claude Code

@shauryalowkeygotaura Take a look at the coding agents section in the contributing guide https://github.com/microsoft/aspire/blob/main/docs/contributing.md#coding-agents.

The skills defined here https://github.com/microsoft/aspire/tree/main/.agents/skills (I know claude doesn't read the .agents folder). We typically will run the code-review skill and pr-testing skill.

Did you verify this change works e2e with a manual test?

Development

Successfully merging this pull request may close these issues.

[bug] aspire describe --format json exposes plaintext values of secret parameters in dependent resources' env vars

3 participants