Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-4190

CLONE - Puppet device displays credentials in plain text when run manually

    XMLWordPrintable

    Details

    • Template:
    • Story Points:
      5
    • Release Notes:
      Bug Fix

      Description

      The device.conf format may only contain section headers (containing the certname as the section title) and type, url, and debug configuration entries (as per https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/util/network_device/config.rb#L62) which means that authentication credentials are and have always been added to the url setting.

      When running the puppet device command with verbose as puppet device -v the output prints Info: starting applying configuration to <device> at https://<username>:<password>@<address> because of https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/application/device.rb#L172

      Thus the output shows the full login URL from the device.conf including the password in plain text with no way to suppress this output.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              patrick.kelso Patrick Kelso
              QA Contact:
              Eric Thompson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support