[Openstack-security] [Bug 1534299] Re: keystoneclient needs to mark secret config options
Tristan Cacqueray
tdecacqu at redhat.com
Fri Jan 15 15:11:27 UTC 2016
I've removed the privacy settings and put the OSSA tasks as Won't Fix
since it's a B3 type of bug (according to VMT taxonomy
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
), This can be put back to incomplete if the situation changes.
** Information type changed from Private Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
** Tags added: security
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1534299
Title:
keystoneclient needs to mark secret config options
Status in keystoneauth:
New
Status in OpenStack Security Advisory:
Won't Fix
Status in python-keystoneclient:
New
Bug description:
oslo_config allows marking config options such as password as
"secret", such that when/if the config options are logged they're
masked out of the logs.
keystoneclient defines several options for auth plugins that should be
secret but are not, such as the user's password in the identity, oidc,
and saml2 plugins.
I don't know if these really need to be private security but might as
well start out that way.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystoneauth/+bug/1534299/+subscriptions
More information about the Openstack-security
mailing list