Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid logging secrets in Engine debug logs #646

Merged
merged 3 commits into from Oct 14, 2022
Merged

Avoid logging secrets in Engine debug logs #646

merged 3 commits into from Oct 14, 2022

Conversation

mz-pdm
Copy link
Member

@mz-pdm mz-pdm commented Sep 8, 2022

This fixes issue #641. See also oVirt/vdsm-jsonrpc-java#24.

@mz-pdm mz-pdm self-assigned this Sep 8, 2022
ljelinkova
ljelinkova approved these changes Sep 21, 2022
View reviewed changes
Copy link
Collaborator

@ljelinkova ljelinkova left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like how you and Shmuel approached this. Looks good!

@mz-pdm
core: Add SecretValue class
26e7c14 
This class allows wrapping values that shouldn’t be exposed in logs.
Its toString method returns just a placeholder and the real value must
be retrieved using getValue method.

This is useful for wrapping values such as TPM data, secure boot
NVRAM data, or passwords passed in cloud init, in order to prevent
them from exposing in DEBUG logs.  See the followup patches for
particular examples.
@mz-pdm
core: Use SecretValue to protect TPM and secure boot data
3a63752
@mz-pdm
core: Replace cloud-init password in debug logs
9099867 
The password is currently replaced in meta data but it occurs in user
data.  Let’s replace it there too.
smelamud
smelamud approved these changes Sep 22, 2022
View reviewed changes
Copy link
Member

@smelamud smelamud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, thanks, Milan!

@ljelinkova ljelinkova merged commit 4000755 into oVirt:master Oct 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smelamud smelamud smelamud approved these changes

@ljelinkova ljelinkova ljelinkova approved these changes

@emesika emesika Awaiting requested review from emesika emesika is a code owner

@mwperina mwperina Awaiting requested review from mwperina mwperina is a code owner

@ahadas ahadas Awaiting requested review from ahadas ahadas is a code owner

@bennyz bennyz Awaiting requested review from bennyz bennyz is a code owner

@michalskrivanek michalskrivanek Awaiting requested review from michalskrivanek michalskrivanek is a code owner

@oliel oliel Awaiting requested review from oliel oliel is a code owner

@sgratch sgratch Awaiting requested review from sgratch sgratch is a code owner

@didib didib Awaiting requested review from didib didib is a code owner

Assignees

@mz-pdm mz-pdm

Labels
bug verified
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mz-pdm @smelamud @ljelinkova