git credential leak in Console log while failing to pull a repo

[hieutomra]

Typically, to reproduce this, you need to:

• do a local commit
• without pushing your new commit, enqueue the task (or run remote with execute_remotely)

The leak happen for both private and public github repo.

Eg: output that I redacted with REDACTED:

[...]
ERROR: Could not build wheels for SAM_2, which is required to install pyproject.toml-based projects
RequirementsManager handler <clearml_agent.helper.package.external_req.ExternalRequirements object at 0x7f472e4ff100> raised exception: Failed installing GIT/HTTPs package 'git+https://REDACTED:[email protected]/facebookresearch/segment-anything-2.git@86827e2fbae8a293f61d51caa70a4b0602c04454#egg=SAM_2'
clearml_agent: ERROR: Could not install task requirements!
Failed installing GIT/HTTPs package 'git+https://REDACTED:[email protected]/facebookresearch/segment-anything-2.git@86827e2fbae8a293f61d51caa70a4b0602c04454#egg=SAM_2'
[...]

clearml-agent v1.9.2 (self hosted)

[jkhenning]

Hi @hieutomra, this seems to be a printout by pip when failing to install a package, can you attach the full log for context?

[hieutomra]

I double check and you are right: this actually happen during a pip install of dependency and don't leak during the principal git pull of the task (even faulty)

I put this inside Python Packages of the task:

-e git+ssh://[email protected]/REDACTED/helloworld.git@d08b7997185d4f996a229448e3ba5d2e7cd544e1#egg=hello

Then queue it. The full log: task_6aa0a0e5cd344b93a68914301374d7da(1).log

Note: Our agent is running inside a docker container.

As you said this seems to not be a direct issue from clearml-agent ... Any idea how to mitigate this ?