Thomas O'Dowd created CLOUDSTACK-3342: -----------------------------------------
Summary: Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after S3 Object store creation. Key: CLOUDSTACK-3342 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3342 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: UI Affects Versions: 4.2.0 Reporter: Thomas O'Dowd 1. Login to a freshly deployed devcloud server. 2. Click Infrastructure 3. Click secondary Storage 4. Remove NFS 5. Add new S3 Secondary Storage (anything will do for this bug as its a display bug) 6. Re-visit secondary storage and click on the S3 storage you created. Expectation: You can NOT see the "secret key". Actual: You can see all the details of the S3 object store including the "secret key". The secret key is like a password. Anyone knowing the secret key can upload/delete etc from the S3 store. It should not be available easily in my opinion. I guess its easily available in the database anyway but lets keep it out of the browser after its been input. It can be displayed using ***. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira