Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove token password from destroy logs #4594

Merged
merged 1 commit into from
Oct 30, 2023
Merged

Remove token password from destroy logs #4594

merged 1 commit into from
Oct 30, 2023

Conversation

fmarco76
Copy link
Member

In case of failure of the sslget command, during pkidestroy, the log will contain the full list of option including the token password. This has been obfuscated before the failure is logged.

Solve RHCS-4547

@fmarco76 fmarco76 requested review from edewata and ladycfu October 30, 2023 11:01
@fmarco76 fmarco76 force-pushed the TokenPassLogDestroy branch from 73dcac5 to e68270d Compare October 30, 2023 11:09
@fmarco76
Remove token password from destroy logs
7f9b24d 
In case of failure of the `sslget` command, during `pkidestroy`, the log will contain the full list of option including the token password.
This has been obfuscated before the failure is logged.

Solve RHCS-4547
@fmarco76 fmarco76 force-pushed the TokenPassLogDestroy branch from e68270d to 7f9b24d Compare October 30, 2023 11:32
edewata
edewata approved these changes Oct 30, 2023
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the v10.13 branch won't build anymore on Fedora, so I think we can ignore the CI failures. The changes look good, so feel free to merge.

There's also an alternative solution: add a param in sslget to read the password from a file, then modify pkidestroy to store the password in a file.

@fmarco76
Copy link
Member Author

There's also an alternative solution: add a param in sslget to read the password from a file, then modify pkidestroy to store the password in a file.

I was thinking initially this possibility but since the problem is only in one line and the exception is immediately managed I do not think it is useful the extra-work. Additionally, in newer version is managed differently so we have not to port the fix to other branches.

@fmarco76
Copy link
Member Author

@edewata Thanks!

@fmarco76 fmarco76 merged commit 71bf161 into dogtagpki:v10.13 Oct 30, 2023
48 of 58 checks passed
@fmarco76 fmarco76 deleted the TokenPassLogDestroy branch October 30, 2023 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edewata edewata edewata approved these changes

@ladycfu ladycfu Awaiting requested review from ladycfu

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fmarco76 @edewata