disko icon indicating copy to clipboard operation
disko copied to clipboard

Published 20 hours ago verified publisher icon nix-community

Option to hide LUKS passwords when using cli utility

Open MartinLoeper opened this issue 2 years ago • 5 comments

Currently, the LUKS password is displayed in plaintext when using the disko cli utility to format or mount the disks. It would be nice if there was an option to hide logs containing sensitive data.

I stumbled across this issue as I am currently writing a custom ISO installer for our company.

MartinLoeper avatar Sep 24 '23 17:09 MartinLoeper

Is this shown by default or when using --debug?

Mic92 avatar Sep 25 '23 11:09 Mic92

It is shown by default when using disko --mode mount "XXXX" --arg disks "XXXX" --root-mountpoint "XXXX". It looks like some set -x kind of stuff.

MartinLoeper avatar Sep 25 '23 13:09 MartinLoeper

We can add a debug parameter (which I would leave at true for now. Otherwise bugreports will be way worse) which you can disable then. Does this sound like a good enough solution?

Lassulus avatar Sep 25 '23 14:09 Lassulus

We can add a debug parameter (which I would leave at true for now. Otherwise bugreports will be way worse) which you can disable then. Does this sound like a good enough solution?

We could also toggle the debug output just for cryptsetup or zfs.

Mic92 avatar Sep 25 '23 14:09 Mic92

I think this should solve the issue: https://github.com/nix-community/disko/pull/395

Mic92 avatar Sep 25 '23 14:09 Mic92