From 63f68735c2dd01baf2c39dfa99b4a61896d04f82 Mon Sep 17 00:00:00 2001 From: Eoghan Glynn Date: Tue, 28 May 2013 10:45:56 +0000 Subject: [PATCH] Mark sensitive config options as secret. Avoid these values inadvertently leaking into logs. Change-Id: Iec3a683f8aeca265143ac450f5153f3d10dba1c5 --- ceilometer/publisher/meter.py | 1 + ceilometer/service.py | 1 + ceilometer/storage/__init__.py | 1 + 3 files changed, 3 insertions(+) diff --git a/ceilometer/publisher/meter.py b/ceilometer/publisher/meter.py index eab71aafc..19f14ea69 100644 --- a/ceilometer/publisher/meter.py +++ b/ceilometer/publisher/meter.py @@ -40,6 +40,7 @@ METER_PUBLISH_OPTS = [ deprecated_group="DEFAULT", ), cfg.StrOpt('metering_secret', + secret=True, default='change this or be hacked', help='Secret value for signing metering messages', deprecated_group="DEFAULT", diff --git a/ceilometer/service.py b/ceilometer/service.py index 9286abd19..c6131d94b 100644 --- a/ceilometer/service.py +++ b/ceilometer/service.py @@ -46,6 +46,7 @@ CLI_OPTIONS = [ default=os.environ.get('OS_USERNAME', 'ceilometer'), help='Username to use for openstack service access'), cfg.StrOpt('os-password', + secret=True, default=os.environ.get('OS_PASSWORD', 'admin'), help='Password to use for openstack service access'), cfg.StrOpt('os-tenant-id', diff --git a/ceilometer/storage/__init__.py b/ceilometer/storage/__init__.py index 72876d8fe..85b852e44 100644 --- a/ceilometer/storage/__init__.py +++ b/ceilometer/storage/__init__.py @@ -34,6 +34,7 @@ STORAGE_ENGINE_NAMESPACE = 'ceilometer.storage' STORAGE_OPTS = [ cfg.StrOpt('database_connection', + secret=True, default='mongodb://localhost:27017/ceilometer', help='Database connection string', ),