  1. Puppet
  2. PUP-6433

Transaction event redaction

    Details

    • Type: Epic
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Epic Name:
      Transaction event redaction
    • Template:

      Description

      When Puppet is applying resources during catalog application, it logs a large amount of information about how the system was changed, what the original state of the resource was, and what it was changed to. This is valuable for helping users understand what changes Puppet is enforcing and why those changes were made, but it becomes a problem when sensitive information is added to the mix. Puppet doesn't yet have a concept of sensitive information, so all resource changes are logged regardless of whether the logged information needs to be protected or redacted.

      In order to mitigate the exposure of sensitive information that Puppet is already managing, we need to build a concept of sensitive information and use it to redact sensitive information wherever possible. Our initial focus will be on the events that Puppet generates when synchronizing resource properties that contain sensitive information. Redacting these events will cut out sensitive information in the majority (but not necessarily all) of the Puppet runtime logs as well as the transaction report.
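A minimal Ruby sketch of the approach described above, added here as an illustration and not Puppet's own code: the value is marked sensitive, and the property-change event is redacted at the point it is built, so the log line and the report entry derived from it never see the secret. `SensitiveValue`, `PropertyEvent`, `build_event`, `log_line`, `report_entry` and the log format are all hypothetical names and constructed sample output.

```ruby
# Added illustration; every name here is hypothetical, not Puppet's API.
REDACTED = '[redacted]'

# Wrapper that marks a value as sensitive and never prints it by accident.
class SensitiveValue
  def initialize(value)
    @value = value
  end

  # Explicit accessor for the one place that must apply the real value.
  def unwrap
    @value
  end

  def to_s
    REDACTED
  end
  alias inspect to_s
end

# Event emitted when one property of a resource is synchronized.
PropertyEvent = Struct.new(:resource, :property, :previous_value,
                           :desired_value, :message)

# Redact once, when the event is created. The current value read from the
# system is a plain string, so sensitivity is taken from the desired value
# and applied to BOTH sides of the change.
def build_event(resource, property, current, desired)
  sensitive = desired.is_a?(SensitiveValue)
  old_shown = sensitive ? REDACTED : current.inspect
  new_shown = sensitive ? REDACTED : desired.inspect
  PropertyEvent.new(resource, property,
                    sensitive ? REDACTED : current,
                    sensitive ? REDACTED : desired,
                    "#{property} changed #{old_shown} to #{new_shown}")
end

# Consumers only ever receive the already-redacted event.
def log_line(event)
  "Notice: /#{event.resource}/#{event.message}" # constructed log format
end

def report_entry(event)
  event.to_h
end
```

Redacting inside each consumer instead would leave every new log destination or report processor as a fresh place for the value to leak.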

              People

              Assignee:
              Unassigned
              Reporter:
              adrien Adrien Thebo
              Votes:
              0
              Watchers:
              5
