[PUP-6441] Redact events with sensitive data - Puppet Jira Server

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 4.6.0
Component/s: None
Labels:
- secrets

Epic Link:
Transaction event redaction
Story Points:
2
Sprint:
Client 2016-07-13 (HA, 1.5.3), Client 2016-07-27

Release Notes:
Not Needed
Release Notes Summary:

Hide
See ~~PUP-6440~~. We'll release note the whole feature not the individual tix.

Show
See PUP-6440 . We'll release note the whole feature not the individual tix.

Description

When Puppet synchronizes a property it stores the historical, previous, and desired values in an instance of Puppet::Transaction::Event. The event is both sent to the Puppet master in the transaction report and is logged as part of the normal Puppet logging. When an event is created that contains sensitive data, these fields need to be redacted in some manner to prevent the plaintext values from being emitted in the aforementioned logging and reports.

Event objects also contain a message field that may contain sensitive information, but as far as the event is concerned this is an opaque string and thus cannot be redacted by the event itself.

Attachments

Issue Links

blocks

PUP-6442 Redact the message field of transaction events

Closed

is blocked by

PUP-6440 Tag transaction events with sensitive data

Closed

relates to

PUP-6541 Acceptance: Validate sensitive data type

Closed

Activity

People

Assignee:: qa

Reporter:: Adrien Thebo

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2016/06/24 2:08 PM

Updated:: 2016/08/11 9:58 AM

Resolved:: 2016/07/27 9:17 AM