Cleartext passwords being displayed in history log entries

[Stephen Eaton]

Hi All,

I've just installed Stackstorm to start playing with it and noticed that in the history log entries clear text passwords along with domain user details are being displayed, at the moment I've been playing with the winRM module.  Is this normal practice for StackStorm?  Can this be configured, i.e. can cleartext passwords be disabled in history logs?

Thanks

Stephen..

[Stephen Eaton]

support answered me directly so have put the answer here for others.

https://docs.stackstorm.com/reference/secrets_masking.html

[Stephen Eaton]

Ok...after looking in my st2.conf I find that mask_secrets = True for both API and logging, therefore I shouldn't be getting clear text passwords in my log history.   After testing a couple of other modules, which all appear to handle the masking correctly, it seems that it is only in occurring in the windows module, so have logged an issue for the module here: https://github.com/StackStorm-Exchange/stackstorm-windows/issues/2

[Dmitri Zimine]

Thanks for helping to find the issue and filing it Stephen, we’ll get to hopefully soon.

--
You received this message because you are subscribed to the Google Groups "StackStorm" group.
To unsubscribe from this group and stop receiving emails from it, send an email to stackstorm+...@googlegroups.com.
To post to this group, send email to stack...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/stackstorm/727995d9-6937-414a-945b-bf5b38e04cec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.