ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in different files: First, if there is an error during a secret handling, there will be a subprocess.CalledProcessError, which will contain the …