The GitLab config file resource should not show diffs #363

Open
trevor-vaughan opened this issue Oct 29, 2020 · 0 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: All
  • Ruby: All
  • Distribution: All
  • Module version: All

How to reproduce (e.g Puppet code you use)

https://github.com/voxpupuli/puppet-gitlab/blob/master/manifests/omnibus_config.pp#L110-L121 should have show_diff set to false.

Given the discussion in #301, users can no longer set the root password after GitLab has been initially configured. Given this, the root password must be passed into the configuration file directly and will be output to the resource diff when updated, which leaks the password into the logs.

Alternatively, the entire content string could be marked as Sensitive.

The ability to set the root password securely would be preferred.

What behaviour did you expect instead

Sensitive information should not be leaked into the run logs.
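
The two mitigations named in this issue, sketched as an added example; this is not code from the issue or from the puppet-gitlab module. The class name, the parameter name and the single rendered config line are hypothetical, and `/etc/gitlab/gitlab.rb` is assumed as the managed file.

```puppet
# Added illustration only; example_gitlab_config and $initial_root_password
# are hypothetical names, not the module's own interface.
class example_gitlab_config (
  # Requiring Sensitive at the class boundary keeps the value redacted in
  # logs and reports from the moment it enters the catalog.
  Sensitive[String[1]] $initial_root_password,
) {
  # Unwrap only inside the expression that builds the file body, then
  # re-wrap the whole rendered string so nothing downstream sees cleartext.
  $rendered = Sensitive(
    "gitlab_rails['initial_root_password'] = '${initial_root_password.unwrap}'\n"
  )

  # Leaky form, kept as a comment for comparison: plain String content and
  # the default show_diff => true put the changed line into the run output.
  #
  # file { '/etc/gitlab/gitlab.rb':
  #   ensure  => file,
  #   content => $rendered.unwrap,
  # }

  file { '/etc/gitlab/gitlab.rb':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',     # the secret is at rest in this file, so limit readers
    content   => $rendered,  # Sensitive content is redacted by Puppet
    show_diff => false,      # never print a content diff for this resource
  }
}
```

A caller would declare it with a wrapped value, for example `initial_root_password => Sensitive(lookup('gitlab_root_password'))`, where the Hiera key is likewise an assumption.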
