
yahoo-eng-team team mailing list archive

[Bug 1266590] [NEW] db connection string in cleartext in debug log

 

Public bug reported:


When I start up keystone-all with --debug it logs the config settings. The config setting for the database connection string is printed out:

(keystone-all): 2014-01-06 16:32:56,983 DEBUG cfg log_opt_values database.connection            = mysql://root:rootpwd@127.0.0.1/keystone?charset=utf8

The database connection string will typically contain the user password,
so this value should be masked (like admin_token).

This is a regression from Havana, which masked the db connection string.

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: New

** Affects: oslo
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: In Progress

** Also affects: oslo
   Importance: Undecided
       Status: New

** Changed in: oslo
     Assignee: (unassigned) => Brant Knudson (blk-u)

** Changed in: keystone
     Assignee: (unassigned) => Brant Knudson (blk-u)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1266590

Title:
  db connection string in cleartext in debug log

Status in OpenStack Identity (Keystone):
  New
Status in Oslo - a Library of Common OpenStack Code:
  In Progress

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1266590/+subscriptions
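
Added example (not part of the original bug report, and not Keystone or oslo code): a standard-library Python illustration of the masking the report asks for, where an option flagged secret is hidden entirely in a debug config dump and an unflagged URL-shaped value still has its password redacted. The names MASK, redact_url_password, format_opt, log_options and the secret flag are assumptions made for this example; values other than the connection string from the report are constructed.

```python
import logging
from urllib.parse import urlsplit, urlunsplit

MASK = "****"  # assumed mask string for this example

def redact_url_password(value):
    """Replace the password in a URL's userinfo with MASK; leave other strings alone."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return MASK  # unparseable URL-like value: fail closed
    if not parts.scheme or parts.password is None:
        return value
    # rpartition matches urlsplit's own rule: the last '@' ends the userinfo.
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return urlunsplit(parts._replace(netloc=f"{user}:{MASK}@{hostport}"))

def format_opt(name, value, secret=False):
    """Render one option for a debug config dump, never emitting a secret."""
    if secret:
        shown = MASK  # flagged options are hidden entirely
    elif isinstance(value, str):
        shown = redact_url_password(value)  # safety net for unflagged URLs
    else:
        shown = value
    return "%-30s = %s" % (name, shown)

def log_options(logger, opts):
    """Log (name, value, secret) tuples at DEBUG level, masked."""
    for name, value, secret in opts:
        logger.debug(format_opt(name, value, secret))

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(levelname)s %(message)s")
    conn = "mysql://root:rootpwd@127.0.0.1/keystone?charset=utf8"  # from the report
    log_options(logging.getLogger("cfg"), [
        ("admin_token", "constructed-token", True),   # constructed value
        ("database.connection", conn, True),          # flagged: fully masked
        ("database.connection", conn, False),         # unflagged: password only
        ("example.timeout", 3600, False),             # constructed, non-secret
    ])
```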

