Feature #54580

common/options: add FLAG_SECURE to Ceph options

Added by Ernesto Puerta 9 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version:
% Done: 0%
Source: Support
Tags:
Backport: quincy, pacific
Reviewed:
Affected Versions:
Component(RADOS): Monitor, ceph cli
Pull request ID:

Description

Context

It has been reported by several users that ceph config dump and ceph config-key dump may expose sensitive information (Grafana admin password, RGW API keys, RBD mirror secrets, etc.). These users would prefer to have a dump that omits or redacts the secrets from that output (in a similar way as password inputs mask the remembered passwords).

# ceph config-key dump
...
       "config-history/xx/+mgr/mgr/dashboard/RGW_API_ACCESS_KEY": "12345679ABCDEF",
...

Implementation proposal

Ceph options support flags, so a new flag (e.g.: FLAG_SECRET) could be used to hint that a given option contains sensitive information and it therefore shouldn't be reproduced by default.

In order to still allow users to perform a complete dump of settings, a new command option should be specified (e.g.: ceph config-key dump --include-secrets).

Before:

# ceph config-key dump
...
       "config-history/xx/+mgr/mgr/dashboard/RGW_API_ACCESS_KEY": "*****************",
...

After:

# ceph config-key dump --secrets
...
       "config-history/xx/+mgr/mgr/dashboard/RGW_API_ACCESS_KEY": "12345679ABCDEF",
...
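
A sketch of the behaviour proposed above, added here as an example; it is not code from Ceph or from the ticket's author. OptFlag, OPTION_FLAGS, option_name, dump and the EXAMPLE_* option names are hypothetical; only the RGW_API_ACCESS_KEY key and its value come from the ticket. It also shows two details the proposal implies: config-history copies of a flagged option have to be masked too, and a fixed-width mask avoids revealing the secret's length.

```python
import json
from enum import IntFlag


class OptFlag(IntFlag):
    """Hypothetical flag set; SECRET stands in for the flag the ticket proposes."""
    NONE = 0
    SECRET = 1


# Hypothetical registry of option name -> flags. Only RGW_API_ACCESS_KEY is
# taken from the ticket; the other names are constructed for this sketch.
OPTION_FLAGS = {
    "RGW_API_ACCESS_KEY": OptFlag.SECRET,
    "EXAMPLE_ADMIN_PASSWORD": OptFlag.SECRET,
    "EXAMPLE_URL": OptFlag.NONE,
}

# Fixed-width mask, so the output does not reveal the length of the secret.
MASK = "*" * 17


def option_name(key):
    """Return the last path component, so history copies of an option match too."""
    return key.rsplit("/", 1)[-1]


def dump(store, include_secrets=False):
    """Return the store as a dict, masking SECRET options unless asked not to."""
    out = {}
    for key in sorted(store):
        # Names missing from the registry count as non-secret, so a secret
        # option that was never flagged would still be printed in clear.
        flags = OPTION_FLAGS.get(option_name(key), OptFlag.NONE)
        secret = bool(flags & OptFlag.SECRET)
        out[key] = MASK if secret and not include_secrets else store[key]
    return out


# Constructed sample store; the first key and its value are the ones in the ticket.
SAMPLE_STORE = {
    "config-history/xx/+mgr/mgr/dashboard/RGW_API_ACCESS_KEY": "12345679ABCDEF",
    "mgr/dashboard/RGW_API_ACCESS_KEY": "12345679ABCDEF",
    "mgr/dashboard/EXAMPLE_ADMIN_PASSWORD": "constructed-password",
    "mgr/dashboard/EXAMPLE_URL": "https://grafana.example.invalid:3000",
}

if __name__ == "__main__":
    print(json.dumps(dump(SAMPLE_STORE), indent=4))
```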
