Password config options should be marked secret

If passwords are not marked secret, there is the potential for them to be logged in a world readable location. Link to the OSSG guideline (may change in the future): https://github.com/hyakuhei/OSSG-Security-Practices/blob/master/sensitive_config_file_options.md Oslo.config descriptions: http://docs.openstack.org/developer/oslo.config/cfg.html#special-handling-instructions SecImpact Change-Id: I6d5c80b7610d593fdd331c726039f1456d2c5bf7
2015-02-25 15:36:59 -08:00 · 2015-02-25 15:36:59 -08:00 · df63520f17
commit df63520f17
parent ee166eb5e5
1 changed files with 1 additions and 1 deletions
--- a/neutron/plugins/cisco/db/l3/device_handling_db.py
+++ b/neutron/plugins/cisco/db/l3/device_handling_db.py
@ -77,7 +77,7 @@ CSR1KV_OPTS = [
                      'becomes operational.')),
    cfg.StrOpt('csr1kv_username', default='stack',
               help=_('Username to use for CSR1kv configurations.')),
-    cfg.StrOpt('csr1kv_password', default='cisco',
+    cfg.StrOpt('csr1kv_password', default='cisco', secret=True,
               help=_('Password to use for CSR1kv configurations.'))
 ]