yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2018592] [NEW] Migration config containing secret should not be created in /tmp

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <2018592@xxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Sep 2023 13:15:47 -0000
Reply-to: Bug 2018592 <2018592@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

You have been subscribed to a public bug:

In nova->placement upgrade procedure document
(https://docs.openstack.org/placement/latest/admin/upgrade-to-
stein.html) /tmp/migrate-db.rc is an example location for migration
config. As this file contains secrets for both nova_api and placement
databases, it is insecure to keep in /tmp/ directory (as most of admins
will forget to shred and remove it). It should be changed from
/tmp/migrate-db.rc to f.e. /root/migrate-db.rc

** Affects: nova
     Importance: Undecided
     Assignee: Franciszek Przewoźny (fprzewozn)
         Status: In Progress

-- 
Migration config containing secret should not be created in /tmp
https://bugs.launchpad.net/bugs/2018592
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).