Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
In Brooklyn 0.10.0-SNAPSHOT
Passwords that are set in shell.env (and thus passed into check-running etc) are being logged in plain-text.
Admittedly I'm not using an external credential store, but I suspect that even if I was then this would still happen.
We should be calling Sanitizer.sanitize(env) for our logging.
2016-11-30 11:25:43,520 DEBUG 117 b.SSH [ger-Lh7ezXs6-213] check-running VanillaSoftwareProcessImpl{id=enztuvtelc}, initiating ssh on machine SshMachineLocation[10.104.0.67:amp@10.104.0.67/10.104.0.67:22(id=l409fq0xsa)] (env {ADMIN_PASSWORD=GoXcLbqo6Oxg, DB_USER=micro-user, ADMIN_USER=admin, DB_UR L=mysql://10.104.0.68:3306/, DB_PASSWORD=tZdPPP9tBSfRTrt, HOST_ADDRESS=10.104.0.67, PID_FILE=/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc/pid.txt}): #!/bin/bash -e ; export INSTALL_DIR="/home/users/amp/brooklyn-managed-processes/installs/VanillaSoftwareProcess_0.0.0_bFlJaB" ; export RUN_DIR="/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc" ; mkdir -p $RUN_DIR ; cd $RUN_DIR ; counter=`wget -T 15 -q -O- ${ HOST_ADDRESS}:8080/health --http-user=${ADMIN_USER} --http-password=${ADMIN_PASSWORD} | grep -c "status.:.UP"` if [ $counter -eq 0 ]; then exit 1; fi
Attachments
Attachments
Issue Links
- links to