Page MenuHomePhabricator
Create Task
Maniphest T217231

puppet leaks sensitive cryptographic acme-chief material
Closed, ResolvedPublic
Actions

Description

on certificate renewal, new private keys are being leaked into some tools like puppetboard cause the diff between the old key and the new one is being reported.

Details

SubjectRepoBranchLines +/-
acme_chief: Avoid showing diffs of private keysoperations/puppetproduction+6 -5
Customize query in gerrit

Event Timeline

Vgutierrez created this task.Feb 27 2019, 8:45 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 27 2019, 8:45 AM
Vgutierrez triaged this task as High priority.Feb 27 2019, 8:45 AM
gerritbot subscribed.Feb 27 2019, 8:47 AM

Change 493167 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Avoid showing diffs of private keys

https://gerrit.wikimedia.org/r/493167

gerritbot added a project: Patch-For-Review.Feb 27 2019, 8:47 AM
gerritbot added a comment.Feb 27 2019, 8:50 AM

Change 493167 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Avoid showing diffs of private keys

https://gerrit.wikimedia.org/r/493167

Vgutierrez closed this task as Resolved.Feb 27 2019, 8:52 AM
Vgutierrez added a subscriber: Volans.

Thanks @Volans for reporting the issue <3

Volans awarded a token.Feb 27 2019, 8:54 AM
Vgutierrez removed a project: Patch-For-Review.Feb 27 2019, 9:01 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL