[OPENJDK-2833] Possible fix for OpenJDK image should scrub passwords from logs #466
Signed-off-by: Adriano Machado <[email protected]>
It would be good to have a behave test for this.
If users are specifying sensitive values in environment variables, then detecting that in logs (even perfectly, which I contend is impossible) and masking it there is only part of the problem. It will still be present in the environment wrt the java process, and could end up written out in either logs or other outputs depending on situational context; that can be mitigated against in the run scripts (see e.g. jboss-container-images@4a2ae60 for a technique) but it will also be permanently enshrined in the container metadata, and I don't know of any way of addressing that. Worse, masking it in logs might lead the user to believe it is properly protected in the other contexts when it isn't. I believe OpenShift has a secrets system to manage injecting sensitive data into containers without these drawbacks. It's probably better that users rely on that than bare environment variables. We might need to extend the images to support bridging that functionality to e.g.
Signed-off-by: Jonathan Dowland <[email protected]>
Signed-off-by: Jonathan Dowland <[email protected]>
@jerboaa I've made an adjustment and added a Behave test; please TAL!
OK. trustStoreSecret=sensitive_string won't work, but alright.
That's true. It could be extended to that without much trouble. I haven't surveyed what the most common likely sensitive parameters will be named. I'll leave this as a follow-on.
https://issues.redhat.com/browse/OPENJDK-2833
This PR masks passwords provided via Java parameters on a command line. This is a possible fix for https://issues.redhat.com/browse/CSB-3783.
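The masking discussed in this thread, as an added example that is not the PR's own code: a POSIX shell function that replaces the value of every -D<key>=<value> argument whose key contains "password" before the command line is logged. The function name mask_java_opts, the ***** placeholder and the key pattern are assumptions, and the sample arguments are constructed.

```shell
#!/bin/sh
# Added example, not code from the PR. mask_java_opts, the "*****"
# placeholder and the "password" key pattern are assumptions.

# mask_java_opts ARG...
# Prints the arguments joined by single spaces. For every argument of the
# form -D<key>=<value> whose key contains "password" (case-insensitive),
# the value is replaced by "*****". All other arguments pass through.
mask_java_opts() {
  out=""
  for arg in "$@"; do
    case "$arg" in
      -D*=*)
        # Split at the first "=", so a value that itself contains "="
        # is masked in full rather than partially.
        key=${arg%%=*}
        lower=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
          *password*) arg="$key=*****" ;;
        esac
        ;;
    esac
    out="${out:+$out }$arg"
  done
  printf '%s\n' "$out"
}

# Constructed sample command line: only the copy written to the log is
# masked; the JVM would still be started with the original arguments.
mask_java_opts java \
  -Djavax.net.ssl.trustStorePassword=changeit \
  -DtrustStoreSecret=sensitive_string \
  -Xmx512m -jar app.jar
```

The sample output still shows -DtrustStoreSecret=sensitive_string in clear text, which is the gap raised in the review, and masking the log line does nothing about the value remaining in the process environment or the container metadata.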