Provide clear documentation on how to mask sensitive info in a logger and get the consumers of
keystoneauth to use Oslo's mask_password wherever possible.
The solution I have proposed in comment #11 and #12 follows the same way but has a disadvantage like
that solution would check each and every log message for certain password fields further degrading the
performance.
To overcome this disadvantage I have thought of passing mask_password=True keyword argument to the
logger statement. If the mask_password is set then only the information will be masked at the time
of logging.
With these changes I am able to mask the sensitive information in keystoneauth successfully without
using the external oslo lib explicitly.
Now the problem with this solution is:
If you forget to pass mask_password=True for logging messages where password related information
is present, then those fields won't be masked with ***. But this can be clearly documented as
suggested by Morgan and Lance.
Hi All,
Morgan's solution:
Provide clear documentation on how to mask sensitive info in a logger and get the consumers of
keystoneauth to use Oslo's mask_password wherever possible.
The solution I have proposed in comment #11 and #12 follows the same way but has a disadvantage like
that solution would check each and every log message for certain password fields further degrading the
performance.
To overcome this disadvantage I have thought of passing mask_password=True keyword argument to the
logger statement. If the mask_password is set then only the information will be masked at the time
of logging.
I have explained this approach in below paste file with code snippet: paste.openstack .org/show/ 618019/
http://
With these changes I am able to mask the sensitive information in keystoneauth successfully without
using the external oslo lib explicitly.
Now the problem with this solution is:
If you forget to pass mask_password=True for logging messages where password related information
is present, then those fields won't be masked with ***. But this can be clearly documented as
suggested by Morgan and Lance.