Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9585

Do not output password for user type if it is marked Sensitive

    XMLWordPrintable

Details

    • Hide

      Passwords for the user type are output in Debug logging, even if the value is marked Sensitive.  Instead, this should be written as "[redacted]" in the log.

      Show
      Passwords for the user type are output in Debug logging, even if the value is marked Sensitive.  Instead, this should be written as " [redacted] " in the log.
    • Coremunity
    • Platform Core KANBAN
    • Bug Fix
    • User providers will not output exec command lines with passwords during debugging level logging.
    • Needs Assessment

    Description

      Reproduction steps:

      $ cat foo.pp
      		 
      class foo {
      		 
        user {'foo':
      		 
          ensure => present,
      		 
          password => Sensitive("foo")
      		 
        }
      		 
      }
      		 
       
      		 
      include foo

       

      puppet apply foo.pp --debug

       

      Info: Applying configuration version '8ef5cbfc620ff86bc1c8c02a56c5dc16d3630db4'
      		 
      Debug: Executing: '/sbin/useradd -p foo -M foo'

       

      Attachments

        Issue Links

          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. PUP-9692 hiera explain should redact values converted to Sensitive in --debug mode

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Accepted
          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              kris.bosland Kris Bosland
              kris.bosland Kris Bosland
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support