vault: Hide values used for authentication
The following options are used for authentication with Vault, so should be hidden from logs. 1) root_token_id This is not actually an id but a token string 2) approle_role_id and approle_secret_id These are used together to obtain token Closes-Bug: #2058397 Change-Id: I0650fd12e3f51fc4d829e0be3ab95cd8b3ee03ea
This commit is contained in:
parent
b6edfda344
commit
82e1782b39
@ -28,10 +28,13 @@ DEFAULT_MOUNTPOINT = "secret"
|
|||||||
vault_opt_group = cfg.OptGroup(name='vault_plugin', title='Vault Plugin')
|
vault_opt_group = cfg.OptGroup(name='vault_plugin', title='Vault Plugin')
|
||||||
vault_opts = [
|
vault_opts = [
|
||||||
cfg.StrOpt('root_token_id',
|
cfg.StrOpt('root_token_id',
|
||||||
|
secret=True,
|
||||||
help='root token for vault'),
|
help='root token for vault'),
|
||||||
cfg.StrOpt('approle_role_id',
|
cfg.StrOpt('approle_role_id',
|
||||||
|
secret=True,
|
||||||
help='AppRole role_id for authentication with vault'),
|
help='AppRole role_id for authentication with vault'),
|
||||||
cfg.StrOpt('approle_secret_id',
|
cfg.StrOpt('approle_secret_id',
|
||||||
|
secret=True,
|
||||||
help='AppRole secret_id for authentication with vault'),
|
help='AppRole secret_id for authentication with vault'),
|
||||||
cfg.StrOpt('kv_mountpoint',
|
cfg.StrOpt('kv_mountpoint',
|
||||||
default=DEFAULT_MOUNTPOINT,
|
default=DEFAULT_MOUNTPOINT,
|
||||||
|
Loading…
Reference in New Issue
Block a user