You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Given the discussion in #301, users can no longer set the root password after gitlab has been initially configured. Given this, the root password must be passed into the configuration file directly and will be output to the resource diff when updated which leaks the password into the logs.
Alternatively, the entire content string could be marked as Sensitive.
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
https://github.com/voxpupuli/puppet-gitlab/blob/master/manifests/omnibus_config.pp#L110-L121 should have
show_diffset tofalse.Given the discussion in #301, users can no longer set the root password after gitlab has been initially configured. Given this, the root password must be passed into the configuration file directly and will be output to the resource diff when updated which leaks the password into the logs.
Alternatively, the entire content string could be marked as
Sensitive.The ability to set the root password securely would be preferred.
What behaviour did you expect instead
Sensitive information should not be leaked into the run logs.
The text was updated successfully, but these errors were encountered: