Reviewed: https://review.openstack.org/268199 Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=fcd9538eaf2b374ec5188426454a5c598621b902 Submitter: Jenkins Branch: master commit fcd9538eaf2b374ec5188426454a5c598621b902 Author: Brant Knudson <bknudson at us.ibm.com> Date: Thu Jan 14 16:43:55 2016 -0600 Mark password/secret options as secret Password, token, and secret options should be marked as secret=True so that when the value is logged the logger knows to obfuscate the value. Change-Id: I4818c4cc04cc6a4e1e3cf09d5e0b7b4ffefbb892 Closes-Bug: 1534299 ** Changed in: keystoneauth Status: In Progress => Fix Released -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1534299 Title: keystoneclient needs to mark secret config options Status in keystoneauth: Fix Released Status in OpenStack Security Advisory: Won't Fix Status in python-keystoneclient: Fix Released Bug description: oslo_config allows marking config options such as password as "secret", such that when/if the config options are logged they're masked out of the logs. keystoneclient defines several options for auth plugins that should be secret but are not, such as the user's password in the identity, oidc, and saml2 plugins. I don't know if these really need to be private security but might as well start out that way. To manage notifications about this bug go to: https://bugs.launchpad.net/keystoneauth/+bug/1534299/+subscriptions