sudo chef-server-ctl user-create shouldn't show the key in the terminal #1808
Labels
Aspect: Security
Can an unwanted third party affect the stability or look at privileged information?
Component: chef-server-ctl
Status: Good First Issue
An issue ready for a new contributor.
Status: To be prioritized
Indicates that product needs to prioritize this issue.
Triage: Confirmed
Indicates and issue has been confirmed as described.
Type: Bug
Does not work as expected.
Chef Server Version
13.0
Platform Details
Ubuntu 18.04
Configuration
Standalone
Scenario:
When the user runs 'sudo chef-server-ctl user-create ...' it currently creates the private key in the terminal. This means the private key is available in terminal scrollback which can be infinite for a lot of users. This seems like a bad security setup. We should just write the key to disk and then tell the user where to find it. That's how a lot of similar CLI tools handle key generation so they don't save secrets into insecure mediums.
The text was updated successfully, but these errors were encountered: