Sensitive data in Chef logs

[isuftin]

Sensitive data is placed into Chef logs.

Example from Kitchen test run with throwaway sensitive data:

         * consul_config[consul] action create
           * directory[/etc/consul] action create (up to date)
           * directory[/etc/consul/conf.d] action create (up to date)
           * file[/etc/consul/consul.json] action create
             - update content in file /etc/consul/consul.json from 26502e to 03906c
             --- /etc/consul/consul.json        2016-11-08 19:16:39.630048962 +0000
             +++ /etc/consul/.chef-consul20161108-16435-5eox0q.json     2016-11-08 19:16:48.815048760 +0000
             @@ -1,5 +1,6 @@
       {
         "acl_datacenter": "kitchen",
             +  "acl_master_token": "67f72b33-730b-4217-856e-08b7cd0d67cf",
         "addresses": {
           "https": "0.0.0.0"
         },
             @@ -13,6 +14,7 @@
         "datacenter": "kitchen",
         "disable_remote_exec": true,
         "enable_syslog": true,
             +  "encrypt": "Q7EuxolHM+NawIgFkXegIA==",
         "key_file": "/tmp/kitchen/data/rootCA.key",
         "node_name": "kitchen_server",
         "ports": {
             - restore selinux security context

Expected behavior is for the configuration writing to take the behavior of the Chef template resource using the "sensitive" flag. Do not write out to log what is being written to the configuration files.

[empath]

Yeah, this is a big deal if you're running it with jenkins.

[legal90]

Fixed by #376

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.