--debug dumps sensitive information to terminal
Bug #1289038 reported by
Marco Ceppi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
Medium
|
Andrew Wilkins |
Bug Description
When trying to help users, if any of them runs --debug the first line of the command output is the jenv file which contains sensitive information. This makes it very hard to help users troubleshoot without them leaking their credentials.
Related branches
lp:~natefinch/juju-core/053-nolog-jenv
On hold
for merging
into
lp:~go-bot/juju-core/trunk
- Juju Engineering: Pending requested
-
Diff: 11 lines (+0/-1)1 file modifiedenvirons/open.go (+0/-1)
Changed in juju-core: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: security |
tags: | added: ci |
Changed in juju-core: | |
importance: | High → Medium |
Changed in juju-core: | |
status: | Triaged → Fix Committed |
assignee: | nobody → Andrew Wilkins (axwalk) |
milestone: | none → 1.21-beta1 |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I believe this is fixed in 1.21. While comparing a 1.20 and a 1.21 bootstrap I noticed that 1.21 doesn't dump the cloud-init script to stderr. There is no cert or password or access key shown in the 1.21 --debug, but there is in 1.20