Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The log output of the conjur-role without "no_log" set to true has been reviewed #45

Open
BradleyBoutcher opened this issue Sep 25, 2020 · 0 comments
Open

The log output of the conjur-role without "no_log" set to true has been reviewed #45

BradleyBoutcher opened this issue Sep 25, 2020 · 0 comments
Labels
component/ansible kind/enhancement kind/XA

Comments

@BradleyBoutcher
Copy link
Contributor

BradleyBoutcher commented Sep 25, 2020
edited by izgeri
Loading

The following comment is in our README.md:

### Recommendations

- Add `no_log: true` to each play that uses sensitive data, otherwise that data can be printed to
  the logs.

- Set the Ansible files to minimum permissions. Ansible uses the permissions of the user that runs
  it.

We should review these recommendations to determine if there is a way to ensure no information is accidentally displayed in the logs by default (e.g. without specifying no_log: true) to improve the overall security and UX of the role.
@BradleyBoutcher BradleyBoutcher mentioned this issue Sep 25, 2020
Merged
6 tasks
@izgeri izgeri mentioned this issue Oct 16, 2020
Closed
1 task
@izgeri izgeri changed the title The conjur-role has been vetted for information displayed in logs The log output of the conjur-role without "no_log" set to true has been reviewed Dec 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/ansible kind/enhancement kind/XA
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BradleyBoutcher