Mnemonic sent do docker log in plain text

[lrvick]

This container currently logs the private key mnemonic in plain text to whatever the docker system logging daemon is.

In many cases this is widely readable by monitoring systems etc.

This is a serious vulnerability.

$ docker logs chia
Chia directory /root/.chia/mainnet
Can't find private CA, creating a new one in /root/.chia/mainnet to generate TLS certificates
No keys are present in the keychain. Generate them with 'chia keys generate'

To see your keys, run 'chia keys show'
Added private key with public key fingerprint 1076947857 and mnemonic
ghost sense make design slush bulb liquid unaware home heart host charge talk type lady life renew weird test topic trust adult thumb cabbage

[jnaulty]

I think it's caused by this: https://github.com/Chia-Network/chia-blockchain/blob/0252852bc02191892eb5f020f13aeefef5e457b6/src/cmds/keys_funcs.py#L53 (when generating a new key, it prints it to stdout)

[justinengland]

this is a beta deployment. I do not recommend running this in a shared ecosystem. Treat this instance like you would a bare metal instance with these keys. I will look into making this more shared environment friendly but that is very low on priority atm.