Bug #41320
closedFeature #47765: mgr/dashboard: security improvements
mgr/dashboard: passwords and other sensitive information is written to logs
0%
Description
Currently dashboard is storing in plain text logs the following sentitive information:
- Dashboard user names, passwords and roles. -> handled in #37503
log_channel(audit) log [DBG] : from='client.4126 -' entity='client.admin' cmd=[{"username": "admin", "rolename": "administrator", "prefix": "dashboard ac-user-create", "password": "admin"}]
- RGW API keys:
cmd=[{"prefix": "dashboard set-rgw-api-access-key", "target": ["mgr", ""], "value": "<real_key>"}]
cmd=[{"prefix": "dashboard set-rgw-api-secret-key", "target": ["mgr", ""], "value": "<real_key>"}]:
- JWT tokens:
"JWT Token: <real_token>"
This information should be redacted from the logs. While access to logs could be limited to privileged users, this is considered insecure (even with hashed passwords).