Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-4190

CLONE - Puppet device displays credentials in plain text when run manually

    Details

    • Template:
    • Story Points:
      5
    • Release Notes:
      Bug Fix

      Description

      The device.conf format may only contain section headers (containing the certname as the section title) and type, url, and debug configuration entries (as per https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/util/network_device/config.rb#L62) which means that authentication credentials are and have always been added to the url setting.

      When running the puppet device command with verbose as puppet device -v the output prints Info: starting applying configuration to <device> at https://<username>:<password>@<address> because of https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/application/device.rb#L172

      Thus the output shows the full login URL from the device.conf including the password in plain text with no way to suppress this output.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  patrick.kelso Patrick Kelso
                  QA Contact:
                  Eric Thompson
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Zendesk Support