Uploaded image for project: 'DC/OS'
  1. DC/OS
  2. DCOS_OSS-1795

Sensitive config values in diagnostics bundles

    Details

    • Story Points:
      5

      Description

      Sensitive config values such as zk_super_credentials are stored in cleartext in expanded.config.json and user.config.yaml. These files are world readable, and are included in diagnostic bundles, which users may distribute without realizing that they contain sensitive information. Sensitive config values must be removed from these files and any others that may be collected in a diagnostics bundle.

        Attachments

          Activity

            People

            • Assignee:
              branden Branden Rolston
              Reporter:
              branden Branden Rolston
              Team:
              DELETE Cluster Ops Team
              Watchers:
              Amita Ekbote, Branden Rolston, Gustav Paul (Inactive), Jan-Philip Gehrcke (Inactive), Julien Eid (Inactive)
            • Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your JIRA administrators.