Bug #27481

Secrets should be hidden

Added by Adam Ruzicka over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Foreman
Target version: -
Difficulty:
Triaged: No
Bugzilla link:

Description

Secrets, such as the sudo password, currently show up in task export.

Also, if the password is set globally in settings, it is stored encrypted but still shown in its plain form in the web UI. A workaround for this is to declare it as a global parameter instead, where this issue is not present.


Related issues

Related to Ansible - Bug #27491: Ensure ssh and sudo passwords are not leaked in task export (Closed)
Related to Foreman - Bug #29044: Settings should have their value hidden in API if they are encrypted (Closed)

Associated revisions

Revision fa074031 (diff)
Added by Adam Růžička over 2 years ago

Fixes #27481 - Aggregate all secrets under the secrets key (#425)

We have a middleware which prevents display of anything that is stored
in action's input under the secrets key. However currently we store
secrets all over the place, meaning the secrets may show up in task
export.

This commit moves all the secrets under the secrets key to prevent their
leaking.
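
The effect the commit message describes, as an added sketch that is not code from foreman_remote_execution or Dynflow: a filter that hides only the top-level `secrets` key, run over an action input with secrets scattered across other keys and over one with them aggregated. The names `export_view` and `leaked_paths`, the input layouts and all values are assumptions constructed for illustration.

```ruby
# Added illustration; not the project's code. All names and values are hypothetical.
SECRETS_KEY = 'secrets'.freeze

# Stand-in for the export-side filter: it hides only what sits under the
# top-level secrets key and passes every other key through untouched.
def export_view(input)
  input.reject { |key, _| key == SECRETS_KEY }
end

# Regression check: walk the exported structure and return the path of every
# leaf that equals a known secret value.
def leaked_paths(data, secret_values, path = [])
  case data
  when Hash
    data.flat_map { |k, v| leaked_paths(v, secret_values, path + [k]) }
  when Array
    data.each_with_index.flat_map { |v, i| leaked_paths(v, secret_values, path + [i]) }
  else
    secret_values.include?(data) ? [path.join('.')] : []
  end
end

# Constructed sample data.
SECRET_VALUES = ['constructed-sudo-pass', 'constructed-ssh-pass'].freeze

# Before: secrets stored outside the secrets key, so the filter misses them.
SCATTERED_INPUT = {
  'hostname' => 'host.example.com',
  'sudo_password' => 'constructed-sudo-pass',
  'provider_options' => { 'ssh_password' => 'constructed-ssh-pass' },
  'secrets' => {}
}.freeze

# After: every secret lives under the secrets key and is dropped on export.
AGGREGATED_INPUT = {
  'hostname' => 'host.example.com',
  'provider_options' => {},
  'secrets' => { 'sudo_password' => 'constructed-sudo-pass',
                 'ssh_password' => 'constructed-ssh-pass' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  { 'scattered' => SCATTERED_INPUT, 'aggregated' => AGGREGATED_INPUT }.each do |name, input|
    puts "#{name}: leaked at #{leaked_paths(export_view(input), SECRET_VALUES).inspect}"
  end
end
```

A check like `leaked_paths` can run in a test suite against real export output with known test credentials, so a secret added outside the `secrets` key fails the build instead of reaching an export.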

History

#1 Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/425 added

#2 Updated by Lukas Zapletal over 2 years ago

  • Related to Bug #27491: Ensure ssh and sudo passwords are not leaked in task export added

#3 Updated by Adam Ruzicka over 2 years ago

  • Bugzilla link set to 1701942

#4 Updated by The Foreman Bot over 2 years ago

  • Fixed in Releases foreman_remote_execution 1.8.5 added

#5 Updated by Anonymous over 2 years ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Adam Ruzicka over 2 years ago

  • Fixed in Releases foreman_remote_execution 2.0.0 added
  • Fixed in Releases deleted (foreman_remote_execution 1.8.5)

#7 Updated by Adam Ruzicka almost 2 years ago

  • Related to Bug #29044: Settings should have their value hidden in API if they are encrypted added
