Description of problem: Hello, when the pulling image in openshift using proxy, you can see the password used for that proxy. On building a container, these credentials are shown in clear text including the password in the logfile. This should be hidden due to security reasons. Using HTTP proxy http://user:password@inhproxy:80 and HTTPS proxy https://user:password@inhproxy:80 for script download Pulling image "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift@sha256:af61377003ae10156bab89724cd16947565ce4a4f50386a2e5d57ab9f50caa22" ... Pulling image "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift@sha256:af61377003ae10156bab89724cd16947565ce4a4f50386a2e5d57ab9f50caa22" ... Cloning "https://github.com/jboss-openshift/openshift-quickstarts.git" ... Commit: caec20220374804b2cb3d3622a754f9091af7c57 (Fixed bug: summary is displayed instead of description (cherry picked from com..) Author: ... Date: Tue Feb 9 22:55:09 2016 +0100 Version-Release number of selected component (if applicable): OpenShift Container Platform 3.4.0 Additional info: is there way to hide the password from the logs?
no, there is no way to prevent this output but the password is also visible in your build object and i imagine the same people who can see the build logs can see the build object.
Hello Ben, thank you for reply. If the proxy is set up for whole environment by sysadmin and if the admin of certain project (just his project) can see the password, then it causes the security risk. Customer many times provides his environment to 3rd party, when he set up the cluster settings and leave the project to their customers. Probably, the bug should be changed then as RFE. What do you think? Thank you
*** This bug has been marked as a duplicate of bug 1366795 ***