[
https://issues.apache.org/jira/browse/BROOKLYN-10?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356813#comment-14356813
]
ASF GitHub Bot commented on BROOKLYN-10:
----------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/incubator-brooklyn/pull/546
> Dumping sensitive information in the debug log
> ----------------------------------------------
>
> Key: BROOKLYN-10
> URL: https://issues.apache.org/jira/browse/BROOKLYN-10
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Svetoslav Neykov
>
> Brooklyn dumps sensitive information in the debug log like passwords and
> private keys. I tracked it (at least) to the following locations
> * brooklyn.entity.software.MachineLifecycleEffectorTasks.
> provisionAsync(MachineProvisioningLocation<?>) (current line is 239)
> Entities.sanitize goes just one level deep, leaving deeper info untouched (in
> this case the config object)
> * brooklyn.location.basic.BasicLocationRegistry.updateDefinedLocations()
> (current line is 153)
> definedLocations.values() is not sanitized at all, leaving all the info from
> the properties file visible
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)