Issue #16412 has been updated by eric sorenson. Status changed from Unreviewed to Investigating Assignee set to J.D. Welch
I think we'd take code around that-- I had interesting conversation with a user along these lines a couple of weeks ago. Currently the only place we do something like this is changing the password field in the `user` type: we print out [REDACTED] instead of the actual password. Everywhere else, there's no _a priori_ way for puppet to know whether the file contains something sensitive, so it seems like it needs to be a user-controllable affordance. Passing to JD Welch for UX input on what that affordance ought to look and act like. ---------------------------------------- Feature #16412: flag file resources and other diff-able things as "no-diff", to avoid disclosing passwords https://projects.puppetlabs.com/issues/16412#change-72729 Author: Dustin Mitchell Status: Investigating Priority: Normal Assignee: J.D. Welch Category: Target version: Affected Puppet version: Keywords: Branch: Diffs are great for most stuff, but for files containing sensitive information - PII, passwords, keys, etc. - Puppet's diffs get distributed a bit too widely - in reports, in emails, etc. I'd like to add another attribute to the file type (I'm flexible on the name), that will cause the file not to generate diffs: file { "/etc/sekrits": content => ..., backup => false, showdiffs => false; } (this might also be useful for files that often have large, uninteresting diffs) I'm willing to write the patch for this. I'm just looking for some vague sense that it's worthwhile before I start. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
