Ceph

As a side effect of running commands as sudo (#22282), all commands are logged to journal/syslog this includes the auth key of the osd.

Nov 30 14:11:24 sumi2 sudo[10587]:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/ceph-osd --cluster ceph --osd-objectstore bluestore --mkfs -i 15 --monmap /var/lib/ceph/osd/ceph-15/activate.monmap --key AQB7AyBa+2NjIhAAVN3xoje5foheGHKVZG+qfQ== --osd-data /var/lib/ceph/osd/ceph-15/ --osd-uuid 43e7b38b-80e7-47db-b64a-079ae4a39dd1 --setuser ceph --setgroup ceph
Nov 30 14:11:26 sumi2 sudo[10724]:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/systemctl start ceph-osd@15
Nov 30 14:11:26 sumi2 ceph-osd[10755]: starting osd.15 at - osd_data /var/lib/ceph/osd/ceph-15 /var/lib/ceph/osd/ceph-15/journal
Nov 30 14:11:27 sumi2 ceph-osd[10755]: 2017-11-30 14:11:27.167604 7f57921d0e00 -1 osd.15 0 log_to_monitors {default=true}
Nov 30 14:11:28 sumi2 ceph-osd[10755]: 2017-11-30 14:11:28.235797 7f57795fb700 -1 osd.15 0 waiting for initial osdmap
Nov 30 14:16:19 sumi2 sudo[12557]:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/ceph-osd --cluster ceph --osd-objectstore bluestore --mkfs -i 17 --monmap /var/lib/ceph/osd/ceph-17/activate.monmap --key AQCiBCBaGE06ExAAIWpHOgpAjhQneHdqhNEfyA== --osd-data /var/lib/ceph/osd/ceph-17/ --osd-uuid d0e1b24a-f780-4b74-b456-fc6d37236c6d --setuser ceph --setgroup ceph
Nov 30 14:16:21 sumi2 sudo[12692]:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/systemctl start ceph-osd@17
Nov 30 14:16:21 sumi2 ceph-osd[12700]: starting osd.17 at - osd_data /var/lib/ceph/osd/ceph-17 /var/lib/ceph/osd/ceph-17/journal
Nov 30 14:16:21 sumi2 ceph-osd[12700]: 2017-11-30 14:16:21.932381 7f5622572e00 -1 osd.17 0 log_to_monitors {default=true}
Nov 30 14:16:23 sumi2 ceph-osd[12700]: 2017-11-30 14:16:23.006502 7f560999d700 -1 osd.17 0 waiting for initial osdmap

As those log files are often transmitted off server, the auth key will be also exposed to a wider audience.