DescriptionAnand Jambhulkar
2018-12-13 14:04:12 UTC
1. What is the exact nature of the problem trying to be solved with this request?
Satellite admin password is saved in plaintext in " /root/.hammer/cli.modules.d/foreman.yml" file for hammer cli command execution. We would like the file to save encrypted password and not in plaintext.
2. List the business requirements.
Password should not be saved in plaintext on any server.
3. Do you have specific timeline dependencies?
We have professional services onsite helping us with satellite deployment so would like know if there is a way we can force hammer to save password in encypted format. If not please add this as a new feature in next satellite version.
4. Can you please explain us the what are the functional requirements? If test cases can be provided this would be even more ideal.
Password should not be saved in plaintext format.
5. Would you be able to assist in testing this functionality if implemented?
I believe Red Hat should be able to test and verify this functionality on satellite application.
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you.
To avoid storing passwords in plaintext, one can use personal access tokens. There's API and hammer support for creating the token, that can be then used instead of a password. Also note that as long as the file is owner by root and set to 0600, it has the same level of security as the virt-who-password tool.
1. What is the exact nature of the problem trying to be solved with this request? Satellite admin password is saved in plaintext in " /root/.hammer/cli.modules.d/foreman.yml" file for hammer cli command execution. We would like the file to save encrypted password and not in plaintext. 2. List the business requirements. Password should not be saved in plaintext on any server. 3. Do you have specific timeline dependencies? We have professional services onsite helping us with satellite deployment so would like know if there is a way we can force hammer to save password in encypted format. If not please add this as a new feature in next satellite version. 4. Can you please explain us the what are the functional requirements? If test cases can be provided this would be even more ideal. Password should not be saved in plaintext format. 5. Would you be able to assist in testing this functionality if implemented? I believe Red Hat should be able to test and verify this functionality on satellite application.