[ https://issues.apache.org/jira/browse/CLOUDSTACK-3274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13714583#comment-13714583 ]
Min Chen commented on CLOUDSTACK-3274: -------------------------------------- This is similar to CLOUDSTACK-505. I have added fix to remove accesskey=xxx and secretkey=xxx from api query string and api response, also hide accesskey and secretkey from S3TO printout in all internal agent command logging. > API Refactoring: secretkey and accesskey of the backing store is found in > plaintext in the logs > ----------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-3274 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3274 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Storage Controller > Affects Versions: 4.2.0 > Reporter: Prasanna Santhanam > Assignee: Min Chen > Priority: Critical > Fix For: 4.2.0 > > > Should we be printing the s3 store credentials in the logs in plaintext? Can > it be sanitized? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira