The issue is that when we make diagnostic snapshot we get files as they are. Those files like /etc/astute.yaml contain plain text passwords which are strongly desirable to be filtered out from wherever they appear.
There are two major approaches here. First is to use bare filtering such as sed. We have set of passwords taken from database and we can find those pieces of plain text throughout snapshot files and substitute them with something. The problem here is that passwords can look like "1" or "admin", so we are enforced to filter out all such occurrences. To avoid this problem we need to check passwords for their strength. Strong passwords like "Ainei0oh" can be found and substituted being sure that they are actual passwords and not meaningful strings. Second, you have data about where and how passwords appear. Those data are something like set of regular expressions /(foo:\s+)(PASSWORD)(bar)$/ with file names. The problem here is that we need somehow to gather those data and they eventually could turn out to be invalid so we are likely to skip one of the occurrences. Let's have a discussion about it and make a decision. -- Vladimir Kozhukalov
-- Mailing list: https://launchpad.net/~fuel-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~fuel-dev More help : https://help.launchpad.net/ListHelp
