Jira (HI-633) Content from eyaml should be Sensitive by default

6 views
Skip to first unread message

Pat Riehecky (Jira)

unread,
Sep 19, 2022, 11:01:03 AM9/19/22
to puppe...@googlegroups.com
Pat Riehecky created an issue
 
Hiera / Improvement HI-633
Content from eyaml should be Sensitive by default
Issue Type: Improvement Improvement
Assignee: Unassigned
Created: 2022/09/19 8:00 AM
Priority: Normal Normal
Reporter: Pat Riehecky

When content is decoded from an `eyaml` backend, hiera should automatically mark it as a Sensitive data type.  Currently it is just converted to the backing data type.

This can lead to unintended disclosure of the encrypted values within modules.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.20.11#820011-sha1:0629dd8)
Atlassian logo

Henrik Lindberg (Jira)

unread,
Oct 2, 2022, 5:21:03 PM10/2/22
to puppe...@googlegroups.com
Henrik Lindberg commented on Improvement HI-633
 
Re: Content from eyaml should be Sensitive by default

This would need to be done in the eyaml module since it can read plain yaml as well as the specially encoded eyaml content. Many users rely on eyaml backend to also read plain text so cannot be done in hiera as it would not know if the source was encoded or not.
Reply all
Reply to author
Forward
0 new messages