Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-4190

CLONE - Puppet device displays credentials in plain text when run manually

    XMLWordPrintable

Details

    • 5
    • Bug Fix

    Description

      The device.conf format may only contain section headers (containing the certname as the section title) and type, url, and debug configuration entries (as per https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/util/network_device/config.rb#L62) which means that authentication credentials are and have always been added to the url setting.

      When running the puppet device command with verbose as puppet device -v the output prints Info: starting applying configuration to <device> at https://<username>:<password>@<address> because of https://github.com/puppetlabs/puppet/blob/3.7.4/lib/puppet/application/device.rb#L172

      Thus the output shows the full login URL from the device.conf including the password in plain text with no way to suppress this output.

      Attachments

        Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. MODULES-1822 Puppet device displays credentials in plain text when run manually

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved
          links to

          Web Link puppet PR #3706

          Activity

            People

              Unassigned Unassigned
              patrick.kelso Patrick Kelso
              Eric Thompson Eric Thompson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support