Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-7580

Exec resource exposing Sensitive data

    Details

    • Template:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Puppet will no longer leak sensitive data into the resourcefile.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently the namvar attribute of the exec resource is assigned to the command attribute.
      meaning the name of the resource when printed into resources.txt is the executed parameter.

      This could be considered a security issue, but also makes it difficult to name resources uniquely.
      A request for a name attribute or the ability to use the title as the namevar.

      This is an issue when running puppet agent or puppet apply --write-catalog-summary.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  kris.bosland Kris Bosland
                  Reporter:
                  martin.ewings Martin Ewings
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: