Blackbox exporter modules leaking sensitive data as it get logged as plaintext #614

Open
mvnarsing opened this issue Apr 12, 2022 · 0 comments · May be fixed by #615

mvnarsing commented Apr 12, 2022

A Blackbox exporter module can contain passwords as part of basic auth; the module is not treating modules as a sensitive value and is leaking the info in plaintext.

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet:
  • Ruby:
  • Distribution:
  • Module version:

How to reproduce (e.g. Puppet code you use)

```yaml
ex_http_post_200:
  prober: http
  timeout: 10s
  http:
    valid_http_versions:
      - HTTP/1.1
      - HTTP/2.0
    follow_redirects: true
    preferred_ip_protocol: "ip4"
    method: POST
    headers:
      Content-Type: text/xml
    valid_status_codes: [200]
    body: {}
    basic_auth:
      username: "%{lookup('ex_username')}"
      password: "%{lookup('ex_password')}"
```

What are you seeing

The password is displayed in plaintext as part of Puppet runs.

What behaviour did you expect instead

A hashed or Sensitive password.

Any additional information you'd like to impart

The workaround we applied is to not show the diff for Puppet runs; I am submitting a PR with code changes for this fix. PR

```puppet
file { $config_file:
  ensure    => file,
  owner     => 'root',
  group     => $group,
  mode      => $config_mode,
  show_diff => false,
  content   => template('prometheus/blackbox_exporter.yaml.erb'),
  notify    => $notify_service,
}
```
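A hardened form of the same file resource, as an added example that is not taken from the puppet-prometheus module or the PR: it keeps the `show_diff => false` workaround and additionally wraps the rendered content in Puppet's `Sensitive` type, which assumes a Puppet version whose `file` resource accepts `Sensitive` content and redacts it in the catalog, report and change notice.

```puppet
# Added example (not the module's own code). Assumes $config_file, $group,
# $config_mode and $notify_service are defined as in the snippet above, and a
# Puppet release where file content may be a Sensitive value.
file { $config_file:
  ensure    => file,
  owner     => 'root',
  group     => $group,
  mode      => $config_mode,
  # Do not print the before/after diff of the rendered YAML in agent output;
  # this alone is the workaround applied in the issue.
  show_diff => false,
  # Wrapping the rendered template in Sensitive goes one step further: the
  # catalog, the report sent to the server and the "content changed" notice
  # carry a redacted value instead of the plaintext basic_auth password.
  content   => Sensitive(template('prometheus/blackbox_exporter.yaml.erb')),
  notify    => $notify_service,
}
```

With only `show_diff => false`, the rendered file content still travels in the compiled catalog and can surface in reports or debug output; the `Sensitive` wrapper is what closes those paths.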