[ https://issues.apache.org/jira/browse/BROOKLYN-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711778#comment-15711778 ]
Svetoslav Neykov commented on BROOKLYN-405:
-------------------------------------------

Related to https://issues.apache.org/jira/browse/BROOKLYN-10. Seems there's been some good progress on it since opening it.

> Passwords in environment variables logged by brooklyn.SSH debug
> ---------------------------------------------------------------
>
> Key: BROOKLYN-405
> URL: https://issues.apache.org/jira/browse/BROOKLYN-405
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Aled Sage
>
> In Brooklyn 0.10.0-SNAPSHOT
> Passwords that are set in {{shell.env}} (and thus passed into {{check-running}} etc) are being logged in plain-text.
> Admittedly I'm not using an external credential store, but I suspect that even if I was then this would still happen.
> We should be calling {{Sanitizer.sanitize(env)}} for our logging.
> {noformat}
> 2016-11-30 11:25:43,520 DEBUG 117 b.SSH [ger-Lh7ezXs6-213] check-running VanillaSoftwareProcessImpl{id=enztuvtelc}, initiating ssh on machine SshMachineLocation[10.104.0.67:amp@10.104.0.67/10.104.0.67:22(id=l409fq0xsa)] (env {ADMIN_PASSWORD=GoXcLbqo6Oxg, DB_USER=micro-user, ADMIN_USER=admin, DB_URL=mysql://10.104.0.68:3306/, DB_PASSWORD=tZdPPP9tBSfRTrt, HOST_ADDRESS=10.104.0.67, PID_FILE=/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc/pid.txt}): #!/bin/bash -e
> ; export INSTALL_DIR="/home/users/amp/brooklyn-managed-processes/installs/VanillaSoftwareProcess_0.0.0_bFlJaB"
> ; export RUN_DIR="/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc"
> ; mkdir -p $RUN_DIR ; cd $RUN_DIR ; counter=`wget -T 15 -q -O- ${HOST_ADDRESS}:8080/health --http-user=${ADMIN_USER} --http-password=${ADMIN_PASSWORD} | grep -c "status.:.UP"`
> if [ $counter -eq 0 ]; then
> exit 1;
> fi
> {noformat}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)