Re: CF env reveals passwords and secrets ...


Marco Voelz
 

Dear Padma, Mathias, all,

BOSH has just included the functionality to replace all properties with the string "<redacted>" already *on the server side*.
Maybe that is an option the Cloud Controller could follow here?

Note that we're currently discussing what default behavior should be and if there should be an option to turn redacting on or off, respectively. [1]

Warm regards
Marco

[1] https://github.com/cloudfoundry/bosh/issues/1158

On 05/03/16 10:51, "Padmashree B" <padmashree.b(a)sap.com> wrote:

It will be interesting if there are any solutions to handle this from CF.
As an alternative solution, every client tools should build some logic to hide the secure variables. However, it will not be straight forward for the client tools to identify those variables to be handled in a secure way since at the end it is just a key-value pair.
This is also applicable for user-defined variables which is usually defined by application developers and there is no way to mark certain variables as secure.

Thanks,
Padma

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.