internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-07 13:53:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2020-25646: no_log=True missing for private key content options (#125)

Browse Source 
* Mark private key content options as no_log (CVE-2020-25646.)

* Mention no_log for openssl_privatekey's return_content option.

* Add change PR's URL.

* Plural.
This commit is contained in:
Felix Fontein
2020-10-13 14:14:05 +02:00
committed by GitHub
parent 7d0e5e814e
commit 233d1afc29
8 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/modules/openssl_privatekey.py
View File

@@ -152,6 +152,8 @@ options:
- If set to C(yes), will return the (current or generated) private key's content as I(privatekey).
- Note that especially if the private key is not encrypted, you have to make sure that the returned
value is treated appropriately and not accidentally written to logs etc.! Use with care!
- Use Ansible's I(no_log) task option to avoid the output being shown. See also
U(https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook).
type: bool
default: no
version_added: '1.0.0'