Leaks admin secrets to log files [JIRA: RCS-379] #1326
Comments
#1279 helps? (I don't know whether the fix has been released or not.)

It might help, but I'm confused - you never updated http://docs.basho.com/riak/cs/2.1.1/cookbooks/configuration/riak-cs/ to reflect the current correct and best practices in regard to the admin secret. It still says to put both admin.key and admin.secret into the riak-cs.conf file.

64eb8de is not included in 2.1.1 and not just yet released, as far as I see from the git tags after months' absence.
Riak CS logs the admin secret keys, which potentially leaks the secret keys to unprivileged users.
In our case, we use Riak CS in production, and the log files are collected and sent to a Logstash cluster.
Only a few sysadmins are able to view the /etc/riak-cs/ configuration files, however the Logstash logs are viewable by most staff. We didn't expect the logs to contain admin secrets.
We can work around this by filtering the secrets out, but I thought this behaviour was wrong enough to deserve me opening an issue here -- at least you can discuss amongst yourselves if this is intentional and desirable behaviour.
Maybe at the very least, consider changing the log level for this to be DEBUG rather than INFO?
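The workaround the reporter mentions, filtering the secret out of the log stream before it reaches Logstash, as an added example that is not part of this issue or of Riak CS. It reads `admin.secret` from a constructed riak-cs.conf fragment, redacts that value (and anything labelled as an admin secret) from constructed log lines whose format is hypothetical, and offers a check that no known secret survives the filter. `admin.key` is left visible since only the secret is the credential.

```python
import re
from typing import Iterable, List

# Constructed sample riak-cs.conf fragment (not from the issue); the docs cited in
# the thread say admin.key and admin.secret both live in this file.
SAMPLE_CONF = """\
admin.key = XZKD6Q1L2V8S7K5XHXGX
admin.secret = 0wY3nL4k9Fh2Tq8vBz1sGm7xR5pC6dJaKeUyLnWo
listener = 127.0.0.1:8080
"""

# Constructed sample log lines; the layout is hypothetical, not real Riak CS output.
SAMPLE_LOG = [
    "2016-06-01 12:00:01.000 [info] admin key: XZKD6Q1L2V8S7K5XHXGX",
    "2016-06-01 12:00:01.001 [info] admin secret: 0wY3nL4k9Fh2Tq8vBz1sGm7xR5pC6dJaKeUyLnWo",
    "2016-06-01 12:00:02.000 [info] listener started on 127.0.0.1:8080",
]

def load_secrets(conf_text: str, keys=("admin.secret",)) -> List[str]:
    """Return the values of the named keys from a cuttlefish-style key = value conf."""
    secrets = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*(\S+)", line)
        if m and m.group(1) in keys:
            secrets.append(m.group(2))
    return secrets

# Anything written as "admin secret: <value>" or "admin_secret=<value>", any case.
SECRET_FIELD = re.compile(r"(admin[._ ]secret\s*[:=]\s*)(\S+)", re.IGNORECASE)

def redact(line: str, secrets: List[str]) -> str:
    """Mask the exact configured value wherever it appears, then mask any
    field labelled as an admin secret in case the value came from elsewhere."""
    for s in secrets:
        if s:
            line = line.replace(s, "[REDACTED]")
    return SECRET_FIELD.sub(r"\1[REDACTED]", line)

def leaked(lines: Iterable[str], secrets: List[str]) -> List[int]:
    """Indices of lines that still contain a known secret; run this on the
    filtered stream as a guard before shipping it to the central log store."""
    return [i for i, l in enumerate(lines) if any(s and s in l for s in secrets)]

if __name__ == "__main__":
    found = load_secrets(SAMPLE_CONF)
    cleaned = [redact(l, found) for l in SAMPLE_LOG]
    print("\n".join(cleaned))
    print("still leaking:", leaked(cleaned, found))
```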