Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement request: Ability to mask pillar output in state.apply output #56043

Open
udf2457 opened this issue Jan 31, 2020 · 4 comments
Open

Enhancement request: Ability to mask pillar output in state.apply output #56043

udf2457 opened this issue Jan 31, 2020 · 4 comments
Labels
Feature new functionality including changes to functionality and code refactors, etc. Pillar
Projects
Aluminium
Milestone
Approved

Comments

@udf2457
Copy link

udf2457 commented Jan 31, 2020
edited

He ability to secure secrets using gpg and using them in templates with {{ pillar['secret-squirrel'] }}" is great.

However the problem is, that it shows up in logs and outputs, e.g. calling salt 'foobar' state.apply

Maybe we can have a special alias, e.g. pillar-secret which would have identical behaviour to pillar except it would also cause the output to be automagically masked in output from state.apply and similar.
@Akm0d Akm0d added Feature new functionality including changes to functionality and code refactors, etc. Pillar labels Feb 7, 2020
@Akm0d
Copy link
Contributor

Akm0d commented Feb 7, 2020

If you add --state-output=terse to the state.apply command then no changes will be shown in the output

@Akm0d Akm0d added this to Considering in Sodium Feb 7, 2020
@Akm0d Akm0d added this to the Approved milestone Feb 7, 2020
@udf2457
Copy link
Author

udf2457 commented Feb 8, 2020

@Akm0d That is what I call a workaround, not a solution. ;-)

@Oloremo
Copy link
Contributor

Oloremo commented Feb 8, 2020

Regarding the outputs Ansible has a no_log feature: https://docs.ansible.com/ansible/latest/reference_appendices/logging.html#protecting-sensitive-data-with-no-log

Which is very useful. I wish it'd be possible to do something like this to arbitrary Salt state.

@Akm0d Akm0d added the P3 Priority 3 label Apr 16, 2020
@sagetherage sagetherage removed this from Considering in Sodium Apr 24, 2020
@sagetherage sagetherage removed the P3 Priority 3 label Jun 3, 2020
@tuxthepenguin84
Copy link

Also the ability to mask this in the /var/log/salt/events would be great, this would allow external log gathering systems to intake this log for monitoring.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature new functionality including changes to functionality and code refactors, etc. Pillar
Projects
No open projects
Aluminium
Awaiting triage
Milestone
Approved
Development

No branches or pull requests
5 participants
@Oloremo @udf2457 @Akm0d @tuxthepenguin84 @sagetherage