Reviewed: https://review.openstack.org/269363 Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=1da2c545c3c9099eedf81ebc8b95ab08b311a8c0 Submitter: Jenkins Branch: stable/liberty commit 1da2c545c3c9099eedf81ebc8b95ab08b311a8c0 Author: Brant Knudson <bknudson at us.ibm.com> Date: Thu Jan 14 16:22:04 2016 -0600 Mark password/secret options as secret Password, token, and secret options should be marked as secret=True so that when the value is logged the logger knows to obfuscate the value. Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4 Closes-Bug: 1534299 (cherry picked from commit 04f9f33b4b6079d39c3feea0b1ec1211a1de6a04) -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1534299 Title: keystoneclient needs to mark secret config options Status in keystoneauth: Fix Released Status in OpenStack Security Advisory: Won't Fix Status in python-keystoneclient: Fix Released Bug description: oslo_config allows marking config options such as password as "secret", such that when/if the config options are logged they're masked out of the logs. keystoneclient defines several options for auth plugins that should be secret but are not, such as the user's password in the identity, oidc, and saml2 plugins. I don't know if these really need to be private security but might as well start out that way. To manage notifications about this bug go to: https://bugs.launchpad.net/keystoneauth/+bug/1534299/+subscriptions