bug: mark password as sensitive in puppet_agent::install task #775
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jordanbreen28
force-pushed
the
mark_password_as_sensitive
branch
from
a3f2751 to
ae6ed84
Compare
jordanbreen28
force-pushed
the
mark_password_as_sensitive
branch
5 times, most recently
from
2b73996 to
2649dc2
Compare
jordanbreen28
force-pushed
the
mark_password_as_sensitive
branch
5 times, most recently
from
06395f3 to
94ad6e4
Compare
joshcooper
reviewed
May 6, 2025
jordanbreen28
force-pushed
the
mark_password_as_sensitive
branch
4 times, most recently
from
d8fbc20 to
bfab55a
Compare
This commit marks `password` as sensitive in the install.json bolt task
param metadata.
This prevents password from being shown in plaintext, in the bolt logs.
before:
```
Running task puppet_agent::install with '{"retry":5,"collection":"puppetcore8","version":"latest","password":"1234","_task":"puppet_agent::install"}' on [".."]
```
after:
```
Running task puppet_agent::install with '{"retry":5,"collection":"puppetcore8","version":"latest","password":"Sensitive [value redacted]","_task":"puppet_agent::install"}' on [".."]
jordanbreen28
force-pushed
the
mark_password_as_sensitive
branch
from
bfab55a to
86c4070
Compare
jordanbreen28
changed the title
joshcooper
approved these changes
May 7, 2025
There was a problem hiding this comment.
Verified both tasks redact the password:
ssh
Running task puppet_agent::install with '{"retry":5,"collection":"puppetcore8","version":"8.12.0","username":"forge-key","password":"Sensitive [value redacted]","_task":"puppet_agent::install"}' on ["shy-forerunner.delivery.puppetlabs.net"]
winrm
Running task puppet_agent::install with '{"retry":5,"collection":"puppetcore8","version":"8.11.0.60.g0b032a12d","username":"forge-key","password":"Sensitive [value redacted]","_task":"puppet_agent::install"}' on ["winrm://dramatical-pill.delivery.puppetlabs.net"]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit marks
passwordas sensitive in the install.json bolt task param metadata.This prevents password from being shown in plaintext, in the bolt logs.
before:
after: