Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't log password at boot if provided via Docker Secrets or environment #824

Closed
kylekurz opened this issue Apr 11, 2021 · 1 comment
Closed

Don't log password at boot if provided via Docker Secrets or environment #824

kylekurz opened this issue Apr 11, 2021 · 1 comment

Comments

@kylekurz
Copy link
Contributor

If the docker container is started with either a WEBPASSWORD or WEBPASSWORD_FILE argument, don't print the password to logs. This defeats the use of standard secret protection practices. The only time the password should be printed to a log file is if the container generates it randomly at boot because the user failed to provide a password.
kylekurz pushed a commit to kylekurz/docker-pi-hole that referenced this issue Apr 11, 2021
Issue pi-hole#824 - Don't log password
34500ca 
When setting the password, explicitly disable bash logging. Leave the
re-enable code so that other functions work as expected. Additionally,
do not remove the print in generate_password so randomly generated
passwords are still logged for user consistency.
kylekurz pushed a commit to kylekurz/docker-pi-hole that referenced this issue Apr 11, 2021
@kylekurz
Issue pi-hole#824 - Don't log password
de26557 
When setting the password, explicitly disable bash logging. Leave the
re-enable code so that other functions work as expected. Additionally,
do not remove the print in generate_password so randomly generated
passwords are still logged for user consistency.
kylekurz pushed a commit to kylekurz/docker-pi-hole that referenced this issue Apr 11, 2021
@kylekurz
Issue pi-hole#824 - Don't log password
bab74f5 
When setting the password, explicitly disable bash logging. Leave the
re-enable code so that other functions work as expected. Additionally,
do not remove the print in generate_password so randomly generated
passwords are still logged for user consistency.

Signed-off-by: Kyle Kurz <[email protected]>
PromoFaux pushed a commit that referenced this issue Apr 14, 2021
@kylekurz
Issue #824 - Don't log password (#825)
f530151 
When setting the password, explicitly disable bash logging. Leave the
re-enable code so that other functions work as expected. Additionally,
do not remove the print in generate_password so randomly generated
passwords are still logged for user consistency.

Signed-off-by: Kyle Kurz <[email protected]>
This was referenced Apr 14, 2021
Merged
Merged
@kylekurz
Copy link
Contributor Author

While I have opened #834 after this merged, I was able to verify this was included in the merge, so I believe this can be closed.

@PromoFaux PromoFaux mentioned this issue Apr 16, 2021
Merged
@kylekurz kylekurz mentioned this issue Apr 16, 2021
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kylekurz