+1 on not killing the jenv logging - we just need to sanitise out the secrets.
On 29/05/14 11:18, Andrew Wilkins wrote: > On Thu, May 29, 2014 at 4:25 AM, Nate Finch <[email protected]>wrote: > >> Today I learned CI isn't running with --debug because they don't want to >> expose sensitive data in their jenv... which gets logged when you run with >> --debug. However, it also means that we don't get all our really useful >> debug log messages when something breaks in CI. >> >> I made a fix for this (deleting the line that logs the jenv). Please let >> me know if there's any reason we shouldn't do this. Logging people's >> passwords/secrets is generally a big security no-no anyway, so I hope it >> won't be controversial. >> > > I'm +1 on not logging secrets, but I think not logging the .jenv at all > will come back to bite us when we're debugging. It'd be better just to > sanitise the output by using the EnvironProvider.SecretAttrs method. > > Also, we log the bootstrap script, and that contains the full bootstrap > config. That needs to be sanitised (or suppressed) as well. > > >> https://codereview.appspot.com/98580048 >> >> -Nate >> >> -- >> Juju-dev mailing list >> [email protected] >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/juju-dev >> >> > > > -- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
