openstack-common

Secret/sensitive/password option values for cfg

Registered by Mark McLoughlin

When we log the values of configuration options, we should elide passwords and similarly sensitive values.

We could do this is by declaring options as sensitive e.g.

  conf.register_opt(StrOpt('admin_password', secret=True))

Blueprint information

Status:
Complete
Approver:
Mark McLoughlin
Priority:
Medium
Drafter:
Mark McLoughlin
Direction:
Approved
Assignee:
Eoghan Glynn
Definition:
Approved
Series goal:
Accepted for essex
Implementation:
Implemented
Milestone target:
milestone icon 2012.1
Started by
Mark McLoughlin
Completed by
Mark McLoughlin

Related branches

Sprints

Whiteboard

Should we declare a on option as sensitive in the base class Opt, inead of in StrOpt? ~ jogo

Addressed by: https://review.openstack.org/5694
    Avoid leaking secrets into config logging.

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.