Comment 13 for bug 1638978

Dinesh Bhor (dinesh-bhor) wrote :

Hi All,

Morgan's solution:

Provide clear documentation on how to mask sensitive info in a logger and get the consumers of
keystoneauth to use Oslo's mask_password wherever possible.

The solution I have proposed in comments #11 and #12 follows the same way but has a disadvantage:
that solution would check each and every log message for certain password fields, further degrading the
performance.

To overcome this disadvantage I have thought of passing a mask_password=True keyword argument to the
logger statement. Only if mask_password is set will the information be masked at the time
of logging.

I have explained this approach in the paste file below, with a code snippet:
http://paste.openstack.org/show/618019/

With these changes I am able to mask the sensitive information in keystoneauth successfully without
using the external oslo lib explicitly.

Now the problem with this solution is:
If you forget to pass mask_password=True for logging messages where password-related information
is present, then those fields won't be masked with ***. But this can be clearly documented as
suggested by Morgan and Lance.
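
An added illustration of the opt-in approach described in this comment, including the case where the flag is forgotten. It is not the code from the linked paste and not keystoneauth's own code: the `MaskingAdapter` class, the `mask` helper, the list of key names and the sample request body are all assumptions constructed for this example.

```python
import logging
import re

# Constructed list of password-like key names (assumption, not keystoneauth's list).
_KEYS = "|".join(("password", "passwd", "token"))
# Matches key=value, 'key': 'value' and "key": "value"; group 1 is everything up to the value.
_MASK_RE = re.compile(
    r"""(["']?(?:""" + _KEYS + r""")["']?\s*[:=]\s*["']?)[^"'\s,}&]+""",
    re.IGNORECASE,
)

def mask(text):
    """Replace the value of every password-like key with ***."""
    return _MASK_RE.sub(r"\1***", text)

class MaskingAdapter(logging.LoggerAdapter):
    """Hypothetical adapter: the regex runs only for calls passing mask_password=True."""

    def log(self, level, msg, *args, **kwargs):
        # Always pop the flag so it never reaches Logger._log as an unknown kwarg.
        if kwargs.pop("mask_password", False) and self.isEnabledFor(level):
            # Format first so secrets carried in args are masked too,
            # then clear args so logging does not %-format the result again.
            msg = mask(str(msg) % args if args else str(msg))
            args = ()
        super().log(level, msg, *args, **kwargs)

class ListHandler(logging.Handler):
    """Collects formatted messages so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def demo():
    handler = ListHandler()
    base = logging.getLogger("masking_demo")
    base.setLevel(logging.DEBUG)
    base.propagate = False
    base.handlers = [handler]
    log = MaskingAdapter(base, {})
    body = '{"user": "demo", "password": "s3cr3t"}'  # constructed sample body
    log.debug("REQ body: %s", body, mask_password=True)  # opted in: masked
    log.debug("REQ body: %s", body)  # flag forgotten: value is logged as-is
    return handler.lines

if __name__ == "__main__":
    print("\n".join(demo()))
```
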