Bug #2709

closed

Foreman stores compute_resource passwords in plaintext

Added by Kal Aeolian almost 11 years ago. Updated almost 11 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: Compute resources
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Foreman stores the user credentials for compute_resources (vmware in our case) in plain-text. We will have an API user that has full access into the specific datacenters we'll use. Assuming we've done our homework, no one should have access to this, but it exposes a very sensitive piece of info in plain-text that should not be that way.

Expected behavior would be a hashed password being stored.

(The database is dumped for backup, and perhaps people who have access to the backups shouldn't have access to a plain-text version of this password.)


Related issues 1 (0 open, 1 closed)

Is duplicate of Foreman - Feature #2424: encrypt compute resource password (Closed, Joseph Magen, 04/24/2013)

#1

Updated by Dominic Cleal almost 11 years ago

  • Status changed from New to Duplicate

Thanks for the report. It's a duplicate of #2424, closing.

#2

Updated by Joseph Magen almost 11 years ago

Kal, do you have any suggestions how to store a unique encryption key for each Foreman installation?
Follow the discussion on https://github.com/theforeman/foreman/pull/568
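
Because Foreman has to present the password to the compute resource, the stored form must be reversible, which is why #2424 asks for encryption. The sketch below encrypts the credential with a per-installation key kept in a file outside the database, so a database dump alone does not reveal it. It is an added example, not Foreman's code or the implementation from pull request 568; `CredentialVault`, the `encrypted-` prefix and the key file location are hypothetical.

```ruby
require "openssl"
require "securerandom"
require "base64"

# Hypothetical helper (not Foreman's code): AES-256-GCM with a key that lives
# in a file next to the application, never in the database or its backups.
module CredentialVault
  PREFIX = "encrypted-" # hypothetical marker separating ciphertext from legacy plaintext rows

  # Create a random 256-bit key on first use (mode 0600), then reuse it.
  def self.load_or_create_key(path)
    unless File.exist?(path)
      flags = File::WRONLY | File::CREAT | File::EXCL
      File.open(path, flags, 0o600) { |f| f.write(SecureRandom.random_bytes(32)) }
    end
    File.binread(path)
  end

  # Value to store in the password column: prefix + base64(iv | tag | ciphertext).
  def self.encrypt(plaintext, key)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv # fresh 12-byte nonce per encryption
    cipher.auth_data = ""
    ciphertext = cipher.update(plaintext) + cipher.final
    PREFIX + Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
  end

  # Recover the password for the API call; rows written before the
  # migration (no prefix) are returned unchanged.
  def self.decrypt(stored, key)
    return stored unless stored.start_with?(PREFIX)
    raw = Base64.strict_decode64(stored[PREFIX.length..-1])
    iv, tag, ciphertext = raw[0, 12], raw[12, 16], raw[28..-1]
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = ""
    # Raises OpenSSL::Cipher::CipherError on a wrong key or a tampered value.
    (cipher.update(ciphertext) + cipher.final).force_encoding(Encoding::UTF_8)
  end
end
```

The key file has to be excluded from the database backup set and protected separately, otherwise the backup exposure described in the report remains.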
