Skip to content

Commit 9343615

Browse files
Copilotlpcox
andcommitted
feat(one-shot-token): add logging for cached token accesses
Add print statements whenever getenv() or secure_getenv() are called for sensitive tokens, even when returning cached values. Previously, only the first access was logged. Now subsequent accesses also log "accessed (cached value)" for better debugging visibility. This helps diagnose token access patterns and verify that the one-shot-token library is working correctly. Example output: - First access: "Token GITHUB_TOKEN accessed and cached (value: ghp_...)" - Subsequent: "Token GITHUB_TOKEN accessed (cached value: ghp_...)" Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
1 parent 2150520 commit 9343615

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

containers/agent/one-shot-token/one-shot-token.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -290,6 +290,8 @@ char *getenv(const char *name) {
290290
} else {
291291
/* Already accessed - return cached value */
292292
result = token_cache[token_idx];
293+
fprintf(stderr, "[one-shot-token] Token %s accessed (cached value: %s)\n",
294+
name, format_token_value(result));
293295
}
294296

295297
pthread_mutex_unlock(&token_mutex);
@@ -354,6 +356,8 @@ char *secure_getenv(const char *name) {
354356
} else {
355357
/* Already accessed - return cached value */
356358
result = token_cache[token_idx];
359+
fprintf(stderr, "[one-shot-token] Token %s accessed (cached value: %s) (via secure_getenv)\n",
360+
name, format_token_value(result));
357361
}
358362

359363
pthread_mutex_unlock(&token_mutex);

0 commit comments

Comments
 (0)