Currently, Ceilometer will record auth info when invoke neutronclient to get resources if we set log_level to DEBUG. like this:
2015-03-21 08:47:18.882 28555 DEBUG neutronclient.client [-]
REQ: curl -i http://10.250.10.246:5000/v2.0/tokens -X POST -H "User-Agent: python-neutronclient" -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "ceilometer", "password": "REDACTED"}}}'
http_log_req /usr/local/lib/python2.7/dist-packages/neutronclient/common/utils.py:130
2015-03-21 08:47:18.883 28555 DEBUG urllib3.util.retry [-] Converted retries value: 0 -> Retry(total=0, connect=None, read=None, redirect=0) from_int /usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py:155
2015-03-21 08:47:19.001 28555 DEBUG neutronclient.client [-] RESP:200 CaseInsensitiveDict({'content-length': '4686', 'vary': 'X-Auth-Token', 'server': 'Apache/2.4.7 (Ubuntu)', 'date': 'Sat, 21 Mar 2015 00:47:18 GMT', 'content-type': 'application/json', 'x-openstack-request-id': 'req-bfde8b07-6cc3-4330-8a0e-c6760fabc5b3'}) {"access": {"token": {"issued_at": "2015-03-21T00:47:18.969327", "expires": "2015-03-21T01:47:18Z", "id": "2e0f30b2b21e4882bdd76728db0c119e", "tenant": {"description": null, "enabled": true, "id": "1e378c6eceed4ddcab74efc7a2716a71", "parent_id": null, "name": "service"}, "audit_ids": ["4YsomDCoS-GyUguh59AFag"]}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://10.250.10.246:8004/v1/1e378c6eceed4ddcab74efc7a2716a71", "region": "RegionOne", "internalURL": "http://10.250.10.246:8004/v1/1e378c6eceed4ddcab74efc7a2716a71", "id": "51df1cf6585c48258c713a6ba710841d", "publicURL": "http://10.250.10.246:8004/v1/1e378c6eceed4ddcab74efc7a2716a71"}], "endpoints_links": [], "type": "orchestration", "name": "heat"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8774/v2/1e378c6eceed4ddcab74efc7a2716a71", "region": "RegionOne", "internalURL": "http://10.250.10.246:8774/v2/1e378c6eceed4ddcab74efc7a2716a71", "id": "b540d1b9a32843eab0e9068a5ecfcb4a", "publicURL": "http://10.250.10.246:8774/v2/1e378c6eceed4ddcab74efc7a2716a71"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://10.250.10.246:9696/", "region": "RegionOne", "internalURL": "http://10.250.10.246:9696/", "id": "546fc177c74840d0a0cee8da35f370b4", "publicURL": "http://10.250.10.246:9696/"}], "endpoints_links": [], "type": "network", "name": "neutron"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8776/v2/1e378c6eceed4ddcab74efc7a2716a71", "region": "RegionOne", "internalURL": "http://10.250.10.246:8776/v2/1e378c6eceed4ddcab74efc7a2716a71", "id": "8e451ebb34124d1c96fe2b589f2b1b8a", "publicURL": "http://10.250.10.246:8776/v2/1e378c6eceed4ddcab74efc7a2716a71"}], "endpoints_links": [], "type": "volumev2", "name": "cinderv2"}, {"endpoints": [{"adminURL": "http://10.250.10.246:3333", "region": "RegionOne", "internalURL": "http://10.250.10.246:3333", "id": "1e79124cdac94bb48bb8d159761e27da", "publicURL": "http://10.250.10.246:3333"}], "endpoints_links": [], "type": "s3", "name": "s3"}, {"endpoints": [{"adminURL": "http://10.250.10.246:9292", "region": "RegionOne", "internalURL": "http://10.250.10.246:9292", "id": "101e2c1acc464ef894a9b409f189e61f", "publicURL": "http://10.250.10.246:9292"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8777/", "region": "RegionOne", "internalURL": "http://10.250.10.246:8777/", "id": "caa28936762d450cbd6dc34ceff6b244", "publicURL": "http://10.250.10.246:8777/"}], "endpoints_links": [], "type": "metering", "name": "ceilometer"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8000/v1", "region": "RegionOne", "internalURL": "http://10.250.10.246:8000/v1", "id": "67d8cd5b9a184c6d9e0a0bc209b485db", "publicURL": "http://10.250.10.246:8000/v1"}], "endpoints_links": [], "type": "cloudformation", "name": "heat-cfn"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8776/v1/1e378c6eceed4ddcab74efc7a2716a71", "region": "RegionOne", "internalURL": "http://10.250.10.246:8776/v1/1e378c6eceed4ddcab74efc7a2716a71", "id": "7f7926b9ebf14f3398301eeb6171c9a8", "publicURL": "http://10.250.10.246:8776/v1/1e378c6eceed4ddcab74efc7a2716a71"}], "endpoints_links": [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8773/", "region": "RegionOne", "internalURL": "http://10.250.10.246:8773/", "id": "065fbc5ac83346aab1773c54fb821385", "publicURL": "http://10.250.10.246:8773/"}], "endpoints_links": [], "type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8774/v2.1/1e378c6eceed4ddcab74efc7a2716a71", "region": "RegionOne", "internalURL": "http://10.250.10.246:8774/v2.1/1e378c6eceed4ddcab74efc7a2716a71", "id": "6d139a786e6d4140818284f29c82fbe2", "publicURL": "http://10.250.10.246:8774/v2.1/1e378c6eceed4ddcab74efc7a2716a71"}], "endpoints_links": [], "type": "computev21", "name": "novav21"}, {"endpoints": [{"adminURL": "http://10.250.10.246:35357/v2.0", "region": "RegionOne", "internalURL": "http://10.250.10.246:5000/v2.0", "id": "62ad49d5235b41eeba55fe0b874ab28f", "publicURL": "http://10.250.10.246:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}, {"endpoints": [{"adminURL": "http://10.250.10.246:8080/v2.0", "region": "RegionOne", "internalURL": "http://10.250.10.246:8080/v2.0", "id": "7495945e77f24a5aa43188271a9564d2", "publicURL": "http://10.250.10.246:8080/v2.0"}], "endpoints_links": [], "type": "monitor", "name": "monasca"}], "user": {"username": "ceilometer", "roles_links": [], "id": "803e3d3243444cf8aeb9f4d7a4ac4e00", "roles": [{"name": "admin"}], "name": "ceilometer"}, "metadata": {"is_admin": 0, "roles": ["eb75c15b2bc44914bccfedd273341950"]}}}
http_log_resp /usr/local/lib/python2.7/dist-packages/neutronclient/common/utils.py:139
2015-03-21 08:47:19.002 28555 DEBUG neutronclient.client [-]
REQ: curl -i http://10.250.10.246:9696//v2.0/lb/members.json -X GET -H "User-Agent: python-neutronclient" -H "X-Auth-Token: 2e0f30b2b21e4882bdd76728db0c119e"
The above info include sensitive information, admin token, and the token wasn't safe coded with hash method. this is easy to be exposed to end user.
is this a dup of tihs : https:/ /bugs.launchpad .net/ceilometer /+bug/1433004