-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Puppet module exposes passwords - current and previous in plane text during puppet runs #82
Comments
Any response on this? It's kinda a security breach... |
Sorry for the slow @alexizmailov. I will have a look at disabling this. I'm not sure how to do this in a custom provider. CC: @roidelapluie |
@bastelfreak I think I know how to fix this. Let me know if you need any help. |
See https://puppet.com/docs/puppet/5.3/custom_types.html#customizing-behaviour |
Any update with this @bastelfreak / @alexjfisher ? We've got a dodgy hack in place but I'd like to remove it ;P |
@sammcj Are you able to create a PR? The change should actually be quite simple. In
def is_to_s( _currentvalue )
'[old password redacted]'
end
def should_to_s( _newvalue )
'[new password redacted]'
end |
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
Puppet code:
Hiera data
What are you seeing
After changing passwords:
What behaviour did you expect instead
Notice: /Stage[main]/Profiles::Services::Dashboard/Grafana_user[guest]/password: password changed
Notice: /Stage[main]/Profiles::Services::Dashboard/Grafana_datasource[influxdb]/password: password changed
Output log
Any additional information you'd like to impart
No
The text was updated successfully, but these errors were encountered: