Question

Related to: Handling sensitive information with Puppet

Just noticed that with both augeas and templates our passwords get dumped into /var/log/messages in plain text whenever there is a change.

What methods can be used to prevent this?

No correct solution

OTHER TIPS

I added filters to rsyslog's config to drop sensitive log info.

Seems to work. Takes a bit to get the filters dropping what you want and not what you don't want.

This has been addressed in the ask.puppet post Passwords in Puppet Log files. The post includes several options, including validating the rsyslog scrubbing method.

The main method that prevents the passwords from being displayed in your logs without extra filtering or without losing other logs is to pass show_diff => false to the appropriate resources such as file, augeas, and concat.
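An added example, not taken from the answers above or from the ask.puppet post, showing show_diff => false on a file resource and an augeas resource. The class name, paths, template, INI section and parameter are hypothetical.

```puppet
# Added illustration: myapp, its paths, the template and $db_password are
# hypothetical names chosen for this example.
class myapp::config (
  String $db_password,
) {

  # Templated file that contains the password. Without show_diff => false,
  # a content change can be logged as a diff that includes the new value.
  file { '/etc/myapp/db.conf':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    content   => template('myapp/db.conf.erb'),
    show_diff => false,
  }

  # In-place edit of an INI-style file. With incl set, the context defaults
  # to /files/etc/myapp/settings.ini, so the path below is relative to it.
  # Assumes the password contains no single quote.
  augeas { 'myapp-db-password':
    incl      => '/etc/myapp/settings.ini',
    lens      => 'Puppet.lns',
    changes   => ["set database/password '${db_password}'"],
    show_diff => false,
  }
}
```

After applying a change to the password, search /var/log/messages for the new value to confirm it no longer appears.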

Licensed under: CC-BY-SA with attribution