Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leaking credentials in logs #72

Closed
hongkongkiwi opened this issue Jun 18, 2019 · 4 comments · Fixed by #74
Closed

Leaking credentials in logs #72

hongkongkiwi opened this issue Jun 18, 2019 · 4 comments · Fixed by #74
Labels
area/core Refers to Mongo Seeding library 🐛 bug Label used for changelog generation from PRs
Projects
Mongo Seeding
Milestone
3.3.0

Comments

@hongkongkiwi
Copy link

hongkongkiwi commented Jun 18, 2019
edited

Just noticed that in the docker logs it will show this:

mongo_seed_1  | 2019-06-18T03:48:24.527Z mongo-seeding Connecting to mongodb://user:pass@mongodb:27017/db...

I'm using the dockerfile, I recommend to add a env as follows HIDE_CREDS=true

If set, I think it would make sense to have an environment variable to mask the user:pass like this:
mongodb://HIDDEN_USER:HIDDEN_PASS@mongodb:27017/db...

That way, anybody viewing the logs doesn't automatically have access to the user/pass.
@pkosiec pkosiec added area/core Refers to Mongo Seeding library 🐛 bug Label used for changelog generation from PRs labels Jun 18, 2019
@pkosiec pkosiec added this to To Do in Mongo Seeding via automation Jun 18, 2019
@pkosiec
Copy link
Owner

pkosiec commented Jun 18, 2019

Hi @hongkongkiwi,
Thank you for reporting the issue. I agree, this is a must have.

Instead of creating new environmental variable, I will always mask user:pass.

@pkosiec pkosiec added this to the 3.2.1 milestone Jun 18, 2019
@hongkongkiwi
Copy link
Author

Perfect!

@pkosiec pkosiec mentioned this issue Jun 18, 2019
Merged
Mongo Seeding automation moved this from To Do to Done Jun 19, 2019
@pkosiec
Copy link
Owner

pkosiec commented Jun 19, 2019

@hongkongkiwi The bug has been fixed! The new version of Mongo Seeding will come soon.

@hongkongkiwi
Copy link
Author

Super awesome thanks!

@pkosiec pkosiec modified the milestones: 3.2.1, 3.3.0 Jun 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/core Refers to Mongo Seeding library 🐛 bug Label used for changelog generation from PRs
Projects
Mongo Seeding
Status: Done
Mongo Seeding
  
Done
Milestone
3.3.0
Development

Successfully merging a pull request may close this issue.

Do not print DB connection user credentials in logs pkosiec/mongo-seeding
2 participants
@hongkongkiwi @pkosiec