-
Type:
Bug
-
Status: Ready for Engineering
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: dsc
-
Labels:None
-
Environment:
-
Template:
-
Epic Link:
-
Team:Windows
-
Sprint:Windows Hopper
-
Method Found:Needs Assessment
-
QA Risk Assessment:Needs Assessment
Can you please confirm if this is module or puppet agent scope.Is Sensitive data type suported?
I encrypted password by hiera,passwords are shown as plain text in catalog JSON file and in puppet agent output.
I found similar issue:https://tickets.puppetlabs.com/browse/PUP-7057
Basic Info
Module Version:1.7.0
Puppet Version:5.5.2
Puppet server:OS Name/Version:AWS Ops Work EC2 instance 4.14.72-73.55.amzn2.x86_64
Node:Windows Server 2016
Password shown in plain when creating new AD user
{
|
|
|
{dsc_xADUser {'FirstUser': |
|
|
dsc_ensure => 'present',}} |
|
|
{
|
|
|
{ dsc_domainname => 'ad.contoso.com',}} |
|
|
{
|
|
|
{ dsc_username => 'tfl', |
dsc_userprincipalname => 'tfl@ad.contoso.com', |
dsc_password => {}}
|
|
|
{
|
|
|
{ 'user' => 'tfl@ad.contoso.com', |
'password' => Sensitive(lookup('password')) |
},
|
|
|
}
|
|
|
}
|
|
|
{
|
|
|
{ dsc_passwordneverexpires => true,}} |
|
|
{
|
|
|
{ dsc_domainadministratorcredential => {}}
|
|
|
{
|
|
|
{ 'user' => 'Administrator@ad.contoso.com', |
'password' => Sensitive(lookup('password')) |
},
|
|
|
}
|
|
|
}
|
|
|
}
|
Desired Behavior:
When running puppet agent -t -v password should be hidden/encrypted
Actual Behavior:
Password is shown in plain text
'password' = 'Password'
- relates to
-
-
- Resolved
-
