Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-1822

Puppet device displays credentials in plain text when run manually

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • None
    • f5
    • None
    • 5
    • MODS 2015-03-18

    Description

      The device.conf format may only contain section headers (containing the certname as the section title) and type, url, and debug configuration entries (as per https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/util/network_device/config.rb#L62) which means that authentication credentials are and have always been added to the url setting.

      When running the puppet device command with verbose as puppet device -v the output prints Info: starting applying configuration to <device> at https://<username>:<password>@<address> because of https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/application/device.rb#L172

      Thus the output shows the full login URL from the device.conf including the password in plain text with no way to suppress this output.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. PUP-4190 CLONE - Puppet device displays credentials in plain text when run manually

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Activity

            People

              Unassigned Unassigned
              patrick.kelso Patrick Kelso
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support