Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-1303

puppetdb with postgres backend shows up password in process list to all users

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      puppetdb 2.2.2-1puppetlabs1
      Debian GNU/Linux 7.8 (wheezy)

    • Template:

      Description

      According to your configuration document
      https://docs.puppetlabs.com/puppetdb/2.2/postgres_ssl.html
      I setup /etc/default/puppetdb with password to connect to postgresDB

      1. Modify this if you'd like to change the memory allocation, enable JMX, etc
        JAVA_ARGS="-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djavax.net.ssl.trustStore=/etc/puppetdb/ssl/truststore.jks -Djavax.net.ssl.trustStorePassword=<PASSWORD>"

      Starting puppetdb and entering the command `ps -ef` the password is visible than to all users, what is imho very ugly.

      Please provide a different approach to hand over trustStore password to java.

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                Unassigned
                Reporter:
                ap Andreas Papst
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: