We should have some automated testing (in Jenkins or whatever) that will alert if we leak secrets.
Such a test should:
1. Pick random secrets for whatever relevant slot
   (engine/dwh/reports db password, engine/reports admin password, other?)
2. Generate an answer file and run setup
3. Optionally (?) do some actions
   (to make the system work, log stuff, etc.)
4. Create a temporary user with only default permissions
5. Search for these secrets on all of the hosts' disks using this user
6. Alert if any are found
Perhaps do more than that. E.g.:
7. Search for these using a privileged user (root, ovirt) and verify that all occurrences are expected
This should probably include verifying suitable access to secret SSL keys as well.
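
A sketch of steps 1 and 5 to 7 above, as an added example that is not part of the original report or of the project's tests: it generates random canary secrets, scans a directory tree with the permissions of whoever runs it, and filters a privileged scan against an allowlist. The function names, the `canary-` prefix and the extra base64 match are assumptions for illustration and go beyond the plain search the report describes.

```python
# Added illustration; function names and the "canary-" prefix are assumptions.
import base64
import os
import secrets
import stat

CHUNK = 1 << 20  # read files 1 MiB at a time

def make_canaries(slots):
    """Step 1: one random secret per slot, so any hit on disk is unambiguous."""
    return {slot: "canary-" + secrets.token_hex(16) for slot in slots}

def needles(canaries):
    """Map each byte pattern to search for (raw and base64) to its slot name."""
    out = {}
    for slot, value in canaries.items():
        raw = value.encode()
        out[raw] = slot
        out[base64.b64encode(raw)] = slot
    return out

def scan(root, canaries):
    """Steps 5-6: return {(path, slot)} for every regular file the current user
    can read that contains a canary. Run it as the temporary unprivileged user."""
    pats = needles(canaries)
    overlap = max(map(len, pats)) - 1  # bytes carried over between chunks
    hits = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue  # skip symlinks, devices, sockets, FIFOs
                with open(path, "rb") as fh:
                    tail = b""
                    while chunk := fh.read(CHUNK):
                        buf = tail + chunk
                        hits.update((path, s) for p, s in pats.items() if p in buf)
                        tail = buf[-overlap:]
            except OSError:
                continue  # not readable by this user: no leak at this privilege
    return hits

def unexpected(hits, allowed_paths):
    """Step 7: for a privileged scan, keep only hits outside expected locations."""
    return {(path, slot) for path, slot in hits if path not in allowed_paths}
```

A non-empty result from `scan` under the unprivileged user, or from `unexpected` under root, is the condition to alert on.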
Gil - assigning to you - I'm pretty sure it's an easy project to add to your tests - just grep for the password in the sosreport logs after collecting them.
Nelly, did you say you want to move this to JIRA?
Why is this back on Gil?
Gil will decide who is going to test it