Fix codeQL scan

Signed-off-by: Mihai Maruseac <[email protected]>
sigstore · Aug 14, 2024 · 081c2e0 · 081c2e0
1 parent 8c96763
commit 081c2e0
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/src/model_signing/signature/sigstore.py b/src/model_signing/signature/sigstore.py
@@ -41,10 +41,13 @@ def __init__(
         token = self.__get_identity_token(disable_ambient, id_provider)
         if not token:
             raise ValueError("No identity token supplied or detected!")
-        log.info(
-            f"Signing identity provider: {token.expected_certificate_subject}"
-        )
-        log.info(f"Signing identity: {token.identity}")
+        # Removing these as they are clear text logging of credentials
+        # https://github.com/sigstore/model-transparency/pull/283#discussion_r1716013465
+        # We likely don't need this file at all now
+        # log.info(
+        #     f"Signing identity provider: {token.expected_certificate_subject}"
+        # )
+        # log.info(f"Signing identity: {token.identity}")
         self._signer = sign.Signer(
             identity_token=token, signing_ctx=sign.SigningContext.production()
         )