I would probably fix this the way we did in nova: we installed a log filter that prevents the privsep daemon's logs at debug level from being logged.
https://github.com/openstack/nova/blob/master/nova/config.py#L78-L80
https://github.com/openstack/nova/commit/86a8aac0d76fa149b5e43c73b31227fbcf4...

Cinder should also install a log filter to only log privsep logs at info by default.

On Tue, 2023-05-16 at 15:11 +0000, Saad, Tony wrote:
Hello,
I am reaching out to start a discussion about Bug #2003179 https://bugs.launchpad.net/cinder/+bug/2003179
The password is getting leaked in plain text from https://opendev.org/openstack/oslo.privsep/src/commit/9c026804de74ae23a60ab3.... This logger line does not always contain a password so using mask_password() and mask_dict_password() from https://docs.openstack.org/oslo.utils/latest/reference/strutils.html is probably not the best solution. Anyone have any thoughts on how to stop the password from appearing in plain text?
Thanks, Tony
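A sketch of the log-filter approach suggested in the reply, added here as an example; it is not code from nova, cinder or oslo.privsep. It uses only the standard `logging` module, and the logger name and all sample messages are assumptions constructed for the demonstration.

```python
import logging

# Assumption: name of the logger carrying the privsep daemon's debug output;
# adjust it to the name that appears in your service's logs.
PRIVSEP_LOGGER = "oslo.privsep.daemon"


class MinLevelForLogger(logging.Filter):
    """Drop records from one logger subtree that fall below a minimum level."""

    def __init__(self, prefix, min_level=logging.INFO):
        super().__init__()
        self.prefix = prefix
        self.min_level = min_level

    def filter(self, record):
        in_subtree = (record.name == self.prefix
                      or record.name.startswith(self.prefix + "."))
        return not in_subtree or record.levelno >= self.min_level


class ListHandler(logging.Handler):
    """Collect emitted lines in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(f"{record.name} {record.levelname} {record.getMessage()}")


def demo():
    handler = ListHandler()
    # Attached to the handler, not the logger: a logger-level filter is not
    # applied to records that child loggers propagate upward.
    handler.addFilter(MinLevelForLogger(PRIVSEP_LOGGER))
    root = logging.getLogger()
    old_level = root.level
    root.addHandler(handler)
    root.setLevel(logging.DEBUG)  # service runs with debug logging enabled
    try:
        daemon = logging.getLogger(PRIVSEP_LOGGER)
        # Constructed sample messages, not real service output.
        daemon.debug("request args: --password constructed-secret")
        daemon.info("privsep daemon starting")
        logging.getLogger(PRIVSEP_LOGGER + ".child").debug("constructed-secret again")
        logging.getLogger("cinder.volume").debug("unrelated debug line")
    finally:
        root.removeHandler(handler)
        root.setLevel(old_level)
    return handler.lines
```

The filter suppresses the whole debug stream for that logger rather than masking individual values, so it does not depend on knowing which lines contain a password.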