Pass sensitive arguments to installers #948
Comments
This was referenced Sep 9, 2016
ferventcoder
added a commit
that referenced
this issue
Sep 12, 2016
- do not log configuration values with the word "sensitive" - do not log the console commands received if either known argument is passed. - `Start-ChocolateyProcessAsAdmin` - add `-SensitiveStatements` as a parameter.
ferventcoder
added a commit
that referenced
this issue
Sep 12, 2016
Do not log the command line when certain commands are passed and when certain arguments are detected as passed.
ferventcoder
added a commit
that referenced
this issue
Sep 12, 2016
* stable: (24 commits) (GH-839) Switch to apply package parameters to dependent packages (maint) formatting methods / parameters in calls (GH-958) If SSLv3 in Posh v2 Fails, Use Original (GH-746) Use HTTPS if available when HTTP url (GH-957) Skip Get-WebFileName When FTP (GH-948) Ensure passwords / keys are not logged (GH-952) Get-ChocolateyWebFile enhancements (doc) update generated docs (maint) formatting (docs) move GenerateDocs.ps1 / update (GH-932) Do not set unknown checksum to 'md5' (GH-719) Reset ServerCertificateValidationCallback (GH-305) add MSP/MSU installer types (GH-305) update exitcodes to long (GH-954) Pending fails when lib does not exist (GH-950) Install-ChocolateyPackage - UseOriginalLocation (maint) formatting (GH-922) Automatically determine checksum type (maint) fixes for shimgen (GH-948) Do not log sensitive arguments ...
gep13
added a commit
to gep13/choco
that referenced
this issue
May 30, 2023
Since user is one half of the information that is needed for a credential, let's treat the user as sensitive information, in the same way that we treat password. This commit adds the various forms that the user option can be passed to the Chocolatey CLI, to ensure that it is always caught.
gep13
added a commit
to gep13/choco
that referenced
this issue
May 30, 2023
Since user is one half of the information that is needed for a credential, let's treat the user as sensitive information, in the same way that we treat password. This commit adds the various forms that the user option can be passed to the Chocolatey CLI, to ensure that it is always caught.
gep13
added a commit
to gep13/choco
that referenced
this issue
May 30, 2023
Since user is one half of the information that is needed for a credential, let's treat the user as sensitive information, in the same way that we treat password. This commit adds the various forms that the user option can be passed to the Chocolatey CLI, to ensure that it is always caught.
gep13
added a commit
that referenced
this issue
May 31, 2023
* master: (148 commits) (#948) Add user as sensitive argument (#158) Error on list -lo without -r (doc) Update description of page-size argument (#158) Restore -lo warning when not using -r (#158) Update tests (#158) Relegate the -lo warning to log-file-only (#3165) Update count method to support nuget service (maint) Update Chocolatey.NuGet.Client version (build) Update GRM Template to add full stop. (build) Update GRM config for BuildAutomation tag (#508) Ensure correct configuration object is used (tests) Use nuspec for version normalization tests (tests) Tag version normalization Pester tests (#158) Restore --source in tab completion for list (#158) Refactoring based on pairing session (#158) Restore --source for choco list (maint) Add vscode settings file (maint) Changes during pairing session (tests) Add non-normalized version Pester tests (maint) Update testing vagrant for granular runs ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NOTE: This is just the FOSS enhancements supporting the feature. You need the enhancements in the licensed version released at v1.6.0 to have this work fully without touching the filesystem/log in some way.
-SensitiveStatementsas a parameter.The text was updated successfully, but these errors were encountered: