[stork-users] Hiding passwords in config files

Buclin, Bertrand Bertrand.Buclin at intl.att.com
Wed Jun 9 16:05:09 UTC 2021


And there are troubleshooting situations where seeing the password used in the live config is useful, so sharing it with Stork makes sense, but it needs to be hidden by default. 

Cheers, Bertrand

-----Original Message-----
From: Stork-users <stork-users-bounces at lists.isc.org> On Behalf Of Tomek Mrugalski
Sent: Wednesday, June 09, 2021 5:46 PM
To: stork-users at lists.isc.org
Subject: Re: [stork-users] Hiding passwords in config files

On 09.06.2021 15:32, Buclin, Bertrand wrote:
> Providing the live configuration of a service in Stork is a great 
> feature.
Thank you for looking at Stork and for your kind comment.

> Rather than "raw" actually, a more descriptive word would be "live", 
> in my opinion, but that's a detail.
Point taken. We'll update this the next time we touch this code.

> The more serious issue is that the password fields such as the 
> database password for the config-database, the lease-database, the 
> hosts-database, or the RADIUS secrets, should not display the 
> passwords in clear, unless the user is a super-admin. And better, even 
> if the user is a super-admin, the password should not be displayed by 
> default in clear. You could put a small button next to the password, 
> which allows the password to be displayed when clicked.
That's a very reasonable request. We do have a mechanism to obscure passwords when Kea logs its configuration, but sadly there is no way to use that capability when retrieving the config using config-get (which is what Stork is using). Anyway, these are technical details. The conclusion here is that we need to hide the data somehow. We'll figure it out.

Can I ask you to open a ticket for this here:
https://gitlab.isc.org/isc-projects/stork/-/issues?

Thanks!

Tomek Mrugalski
ISC
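
The behaviour requested in this thread (secrets masked by default, clear text only for a super-admin who explicitly asks) can be sketched as below. This is an added example, not code from Stork, Kea or either poster; the function names, the `SENSITIVE_KEYS` set, the mask string and the sample configuration are assumptions constructed for illustration.

```python
import copy
import json

# Assumption: key names that carry secrets in this sample; extend as needed.
SENSITIVE_KEYS = {"password", "secret"}
MASK = "********"


def redact(node, path="", hits=None):
    """Return (masked copy of node, list of paths whose values were masked)."""
    hits = [] if hits is None else hits
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            child = f"{path}/{key}"
            if key.lower() in SENSITIVE_KEYS:
                out[key] = MASK  # mask any value type, including null or nested
                hits.append(child)
            else:
                out[key] = redact(value, child, hits)[0]
        return out, hits
    if isinstance(node, list):
        return [redact(v, f"{path}/{i}", hits)[0] for i, v in enumerate(node)], hits
    return node, hits  # scalars are immutable, safe to share


def view_config(config, is_super_admin=False, reveal_requested=False):
    """Masked by default; clear text only for a super-admin who asked for it."""
    if is_super_admin and reveal_requested:
        return copy.deepcopy(config)
    return redact(config)[0]


# Constructed sample shaped like a Kea DHCPv4 configuration; all values invented.
SAMPLE = json.loads("""
{"Dhcp4": {
  "lease-database": {"type": "mysql", "user": "kea", "password": "lease-pw"},
  "hosts-databases": [{"type": "postgresql", "user": "kea", "password": "hosts-pw"}],
  "config-control": {"config-databases": [{"type": "mysql", "password": "cfg-pw"}]},
  "hooks-libraries": [{"library": "/path/to/libdhcp_radius.so",
    "parameters": {"access": {"servers": [{"name": "192.0.2.10", "secret": "radius-pw"}]}}}]
}}
""")

if __name__ == "__main__":
    masked, paths = redact(SAMPLE)
    print(json.dumps(masked, indent=2))
    print("masked:", paths)
```

The list of masked paths lets a UI place a reveal control next to each hidden field without shipping the clear-text value to the browser until it is requested.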