Passwords in command line options are logged in clear text #953
Comments
|
We are addressing things similar to this in 0.10.1 - #948 |
ferventcoder
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original Title: "source add -s [url]-u [user] -p [pass]" puts clear text password in chocolatey log file
It appears that the default chocolatey logging (debug?) captures the password for a source in the log.
I have worked hard to eliminate the password being recorded on the clients I build using packer and chocolatey, but I can't fix this one.
Even for debug logs I think that secrets should not be recordable in the log.
The text was updated successfully, but these errors were encountered: