i would proably fix thei the way we did in nova we instaled a log filter that prevents the preives deams logs at debug level form being logged. https://github.com/openstack/nova/blob/master/nova/config.py#L78-L80 https://github.com/openstack/nova/commit/86a8aac0d76fa149b5e43c73b31227fbcf427278 cinder should also insatll a log filter to only log privsep log at info by default On Tue, 2023-05-16 at 15:11 +0000, Saad, Tony wrote: > Hello, > > I am reaching out to start a discussion about Bug #2003179 https://bugs.launchpad.net/cinder/+bug/2003179 > > The password is getting leaked in plain text from https://opendev.org/openstack/oslo.privsep/src/commit/9c026804de74ae23a60ab3c9565d0c689b2b4579/oslo_privsep/daemon.py#L501. This logger line does not always contain a password so using mask_password() and mask_dict_password() from https://docs.openstack.org/oslo.utils/latest/reference/strutils.html is probably not the best solution. > Anyone have any thoughts on how to stop the password from appearing in plain text? > > Thanks, > Tony > > > Internal Use - Confidential