[stork-users] Hiding passwords in config files
Tomek Mrugalski
tomek at isc.org
Wed Jun 9 15:45:59 UTC 2021
On 09.06.2021 15:32, Buclin, Bertrand wrote:
> Providing the live configuration of a service in Stork is a great
> feature.
Thank you for looking at Stork and for your kind comment.
> Rather than “raw” actually, a more descriptive word would be
> “live”, in my opinion, but that’s a detail.
Point taken. We'll update this the next time we touch this code.
> The more serious issue is that the password fields such as the database
> password for the config-database, the lease-database, the
> hosts-database, or the RADIUS secrets, should not display the passwords
> in clear, unless the user is a super-admin. And better, even if the user
> is a super-admin, the password should not be displayed by default in
> clear. You could put a small button next to the password, which allows
> the password to be displayed when clicked.
That's a very reasonable request. We do have a mechanism to obscure
passwords when Kea logs its configuration, but sadly there is no way to
use that capability when retrieving the config using config-get (which
is what Stork is using). Anyway, these are technical details. The
conclusion here is that we need to hide the data somehow. We'll figure
it out.
Can I ask you to open a ticket for this here:
https://gitlab.isc.org/isc-projects/stork/-/issues?
Thanks!
Tomek Mrugalski
ISC
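
The masking requested in this thread, as an added example that is not part of the original message and is not Stork's code: a Go sketch that redacts secrets from a configuration returned by config-get before it is displayed, and shows them in clear only when a super-admin explicitly asks. The key names `password` and `secret`, the `ViewConfig` and `redact` functions, and the sample configuration are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

var sensitiveKeys = map[string]bool{"password": true, "secret": true} // assumed key names

// Constructed sample of a config-get result; every value here is made up.
const sampleConfig = `{"Dhcp4": {
  "lease-database": {"type": "mysql", "user": "kea", "password": "lease-pw"},
  "hosts-databases": [{"type": "postgresql", "user": "kea", "password": "hosts-pw"}],
  "hooks-libraries": [{"library": "/path/to/radius-hook.so", "parameters": {"access": {"servers": [{"name": "192.0.2.1", "secret": "radius-pw"}]}}}]}}`

// redact walks decoded JSON and masks the value of every sensitive key in place.
func redact(node interface{}) {
	switch v := node.(type) {
	case map[string]interface{}:
		for k, val := range v {
			if sensitiveKeys[strings.ToLower(k)] {
				v[k] = "*****" // fail closed: mask whatever type the value has
			} else {
				redact(val)
			}
		}
	case []interface{}:
		for _, item := range v {
			redact(item)
		}
	}
}

// ViewConfig masks secrets unless a super-admin explicitly asked to reveal them.
func ViewConfig(raw []byte, superAdmin, reveal bool) (string, error) {
	var cfg interface{}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", err
	}
	if !(superAdmin && reveal) {
		redact(cfg)
	}
	out, err := json.Marshal(cfg)
	return string(out), err
}

func main() {
	fmt.Println(ViewConfig([]byte(sampleConfig), false, true))
}
```

Redacting on the server side, before the configuration reaches the browser, keeps the secrets out of API responses as well as out of the rendered page.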