Bug #21077
closed
Don't display oauth/oidc client secret in logs
Added by François ARMAND over 2 years ago.
Updated over 2 years ago.
Description
We need to hide OIDC/oauth client secret in app log.
We can't do it in plugin, because of init order, which is a bit sad, so we need to do it in rudder main.
- Status changed from New to In progress
- Assignee set to François ARMAND
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/4261
- Status changed from Pending technical review to Pending release
- Fix check changed from To do to Checked
The property is totally absent from log, which is OK for the need, but a bit surprising compared to other protected info. Not sure why.
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.auth.displayLoginForm="hide"
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.auth.oauth2.provider.okta.authMethod="basic"
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.auth.oauth2.provider.okta.client.id="0oa3snkopsIRIIHb35d7"
<---- here, rudder.auth.oauth2.provider.okta.client.secret is not present, but not present with ******* like jdbc.password below ---->
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.auth.oauth2.provider.okta.client.redirect="http://localhost:8082/rudder-web/login/oauth2/code/{registrationId}"
...
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.jdbc.maxPoolSize="25"
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.jdbc.password=**********
[2022-05-31 13:24:49+0000] INFO application - registered property: rudder.jdbc.url="jdbc:postgresql://localhost:5432/rudder"
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.2.14 which was released today.
Also available in: Atom
PDF
Updated by 
Updated by