Reviewed: https://review.openstack.org/194289 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=cd6353af7b2b4b0ef392eb015cbba9122a64f8bf Submitter: Jenkins Branch: stable/kilo commit cd6353af7b2b4b0ef392eb015cbba9122a64f8bf Author: Joe Gordon <joe.gordon0 at gmail.com> Date: Mon May 4 11:19:33 2015 -0700 Mark ironic credential config as secret Mark ironic credentials as secret so we don't log the values. Detected with bandit while testing out: I3026b81317f0a6322acfc94784899a7453af586f Change-Id: Icfd13b3294a9fa0881a5ab01f50864ebcbce393e Closes-Bug: #1451931 ** Changed in: nova/kilo Status: New => Fix Committed -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1451931 Title: ironic password config not marked as secret Status in OpenStack Compute (Nova): Fix Committed Status in OpenStack Compute (nova) juno series: New Status in OpenStack Compute (nova) kilo series: Fix Committed Status in OpenStack Security Advisories: Won't Fix Status in OpenStack Security Notes: New Bug description: The ironic config option for the password and auth token are not marked as secret so the values will get logged during startup in debug mode. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1451931/+subscriptions