noobaa-operator icon indicating copy to clipboard operation
noobaa-operator copied to clipboard

Published 20 hours ago verified publisher icon noobaa

Sensitive data is printed in operator logs

Open jeniawhite opened this issue 4 years ago • 0 comments

I can see sensitive data printed in the logs. Example: time="2020-02-12T17:49:09Z" level=warning msg="using existing pool but connection mismatch &{Name:my-backingstore EndpointType:S3_COMPATIBLE Endpoint:http://jenia:80 Identity:KEY Secret:KEY AuthMethod:AWS_V4} pool &{Name:my-backingstore ResourceType:CLOUD Mode:INITIALIZING Region: PoolNodeType:BLOCK_STORE_S3 Undeletable: CloudInfo:0xc0002f5300 MongoInfo: HostInfo: Hosts:} &{EndpointType:S3_COMPATIBLE Endpoint:http://jenia:80 TargetBucket:my-backingstore Identity: NodeName: CreatedBy:[email protected] Host: AuthMethod:AWS_V4}" backingstore=openshift-storage/my-backingstore

You can see the access_key (Identity) and secret_key (Secret). There are probably more prints.

jeniawhite avatar Feb 26 '20 09:02 jeniawhite