[Bug]: Security issue database credentials gets leaked in logs #1522

Closed
giovannicandido opened this issue Sep 1, 2023 · 1 comment · Fixed by #1528
Labels: bug, needs triage (Waiting for discussion / prioritization by team)

Comments

@giovannicandido

Steps to Reproduce

If you generate a password with invalid characters for a URL the database connection will fail. When this happens the log will leak the password as it prints out the connection url.

This is a big problem because in a Kubernetes cluster we typically ship the logs to a central log manager like the Elastic Stack, New Relic, and many others. These logs are shared among other developers. This will persist the password in plain text in the message logs and potentially give access to unauthorized users.

Log example:

"Error opening database of Type postgresql with source postgresql://smallstep:q^G$[email protected]/small_step_ca?sslmode=verify-full: error parsing PostgreSQL DSN: cannot parse postgresql://smallstep:[email protected]:26257/small_step_ca?sslmode=verify-full: failed to parse as URL (parse "postgresql://smallstep:q^G$[email protected]:26257/small_step_ca?sslmode=verify-full": net/url: invalid userinfo)"

Sensitive information was replaced with xxx.

Your Environment

  • OS - Any
  • step-ca Version - v0.24.2

Expected Behavior

I expect that the password is never logged

Actual Behavior

The full connection string is logged and it contains the password

Additional Context

It would be better if the password is a key in the configuration and not in the connection string.

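The leak described above has two parts: the caller formats the raw connection URL into the error, and Go's own *url.Error message repeats the full URL a second time (the `parse "...": net/url: invalid userinfo` fragment in the log line). The following is an added defensive example, not code from the step-ca project: redactDSN masks the password even when url.Parse rejects the DSN, and the hypothetical openDB wrapper quotes only the redacted DSN and the unwrapped cause. The host db.example.internal and the function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// redactDSN returns dsn with its password replaced by "xxxxx". A well-formed
// DSN is handled by url.URL.Redacted; when url.Parse rejects it (e.g. "invalid
// userinfo" for a password containing '^'), a textual scan of the authority
// part takes over, so a malformed DSN is still safe to quote in an error.
func redactDSN(dsn string) string {
	if u, err := url.Parse(dsn); err == nil {
		if _, has := u.User.Password(); has {
			return u.Redacted()
		}
		return dsn
	}
	schemeEnd := strings.Index(dsn, "://")
	if schemeEnd < 0 {
		return dsn
	}
	authStart := schemeEnd + len("://")
	authority := dsn[authStart:]
	if i := strings.IndexAny(authority, "/?#"); i >= 0 {
		authority = authority[:i] // authority ends at path, query or fragment
	}
	at := strings.LastIndex(authority, "@")
	if at < 0 {
		return dsn // no userinfo at all
	}
	colon := strings.Index(authority[:at], ":")
	if colon < 0 {
		return dsn // user name only, nothing to hide
	}
	return dsn[:authStart+colon+1] + "xxxxx" + dsn[authStart+at:]
}

// openDB is a hypothetical stand-in for the connection code. A *url.Error's
// Error() text embeds the full URL, so only its unwrapped cause is kept.
func openDB(dsn string) error {
	if _, err := url.Parse(dsn); err != nil {
		// url.Parse failures are always *url.Error, which wraps the bare cause.
		return fmt.Errorf("error opening database with source %s: %w", redactDSN(dsn), errors.Unwrap(err))
	}
	return nil // real code would open the connection here
}
```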

@giovannicandido giovannicandido added bug needs triage Waiting for discussion / prioritization by team labels Sep 1, 2023
@dopey (Contributor) commented Sep 7, 2023

Hey @giovannicandido 👋. Thanks for opening the issue / bug!

I'll try and take a look at it this week (or within the next couple weeks).
