Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8399

Exec onlyif and unless should support sensitive data

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Modules, Windows
    • Labels:
      None
    • Environment:

      Operating system: Win 2012 R2

    • QA Risk Assessment:
      Needs Assessment

      Description

      *Puppet Version:*2016.4.5
      Puppet Server Version:
      *OS Name/Version: Windows 2012 R2

      Test Setup
      A password and username in encrypted and stored in Hiera.
      These are passed to example.pp which consists of:

      exec{
      command => ''examplecommand --username $testuser --password $testpass",
      path => facts[$path],
      logoutput =>true
      }
      

      For some reason the above exec fails, the output displays failed password. The same applies when I try to create ps1 files from template and assign parameters within. All the information is displayed in puppet logs.
      Is there a way to not log any error out(just a failure notice)/mask the password in log.

      Want to know what is the best way to achieve this.

      Desired Behavior:
      Passwords not to be displayed in error log.

      Actual Behavior:
      Passwords from command/scripts from powershell on exec failure.

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                kris.bosland Kris Bosland
                Reporter:
                sdoi sdoi
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: