wandb token exposed to wandb users

[bghira]

hello, there exists a parameter to pass a wandb token into the training utility. unfortunately, this shows on the "Overview" tab of the training session, as a part of the complete commandline that is used to execute the trainer.

This exposes users to potentially nefarious activity, or at the very least, a sense of unease and the possibility of snooping/leaking internal data.

[bghira]

@bmaltais and @kohya-ss should probably do something about this :D does this project not care about security?

[bmaltais]

This is not good. I guess the Wanda token need to be exempted from making it in the metadata. This is something @kohya-ss need to filter in the training scripts. There is not much I can do about the metadata…

[kohya-ss]

In my understanding, the metadata in the training model doesn't contain wandb token, but it would appear on the GUI screen.
I'm not sure because I don't personally use either wandb or GUI.

[bghira]

need to recommend users to go with wandb login command instead of a cmdline argument. just --report_to=wandb,tensorboard would work.

[kohya-ss]

That makes sense. I will update the doc in next release.

[bghira]

fwiw in Diffusers, there is simply a check whether wandb is enabled and the commandline args contain the Huggingface Hub token, because any secrets on cmdline will be exposed via wandb.

but in this case, its the wandb token itself on the cmdline. i am not sure that a documentation hint is enough to stop a user from doing this. the fact that it's on the cmdline at all means it will be exposed 100% of the time this is used.

[kohya-ss]

You are correct. We must filter sensitive fields from command line args.

In my understanding, the repo doesn't expose either wandb token or command line args currently (the latter is discussed in #1231). If you find any code to do it, please let me know.

[bghira]

it's a part of the wandb module. it sends ALL args, and there is no way to filter them:

[kohya-ss]

Thank you for clarification. That's not good. I think it is undesirable to disclose not only wandb token but other information as well. Is there any way to control this?

[bghira]

none that i have found. i resorted in simpletuner to using json config files to hide cmdline args

[kohya-ss]

Thank you. That's nice. sd-scripts has .toml for configs, so I will show WARNING if the sensitive training args given in the command line.

[kohya-ss]

I have opened a PR for this #1240, If you have time to review it, I would greatly appreciate it.