ingenieux/beanstalker

Redact AWS credentials in build output

Closed this issue · 8 comments

Currently the plugin dumps the raw request / response to the console, which is helpful, but exposes AWS credentials and/or database passwords if they are being provided through the AWS_ACCESS_KEY_ID, AWS_SECRET_KEY or PARAM1, PARAM2, etc. optionSettings.

If deployment is run on a build server like Jenkins, the passwords are visible in the build results.

Maybe a verbose option?

This comes from the AWS SDK; there is a logging setting there.

Parts.

We need to add a flag and obviously place a new logging definition, but it also looks like it gets some from default.

I added a stub log4j.properties. Internally though, it looks like it uses log4j, so I patched up a log4j.properties. I plan to later swap to an empty commons-logging and try to address via logback, with plans to make the verbose flag turn on the proper logging for AWS SDK logging calls.

What do you think, gentlemen?

Sounds good to me!

Alex,

I figured it out. Due to JCL, for some weird reason, log4j is not available to the plugin runtime, so the log4j.properties is actually a placebo.

I forced it to include log4j and the newer verbose flag should take care of disabling it (hey - I tested that!)

Hey, where do I set the verbose flag?

I'm still getting sensitive stuff in the log file: (I've redacted the sensitive stuff with *** for the purposes of posting the issue :-)

[INFO] [INFO] 
[INFO] [INFO] --- beanstalk-maven-plugin:0.2.2-bedatadriven:upload-source-bundle (default) @ activityinfo-server ---
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/commons-logging/commons-logging/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/commons-logging/commons-logging/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/org/codehaus/jackson/jackson-core-asl/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/org/codehaus/jackson/jackson-core-asl/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/javax/mail/mail/maven-metadata.xml
[INFO] Downloading: https://oss.sonatype.org/content/repositories/snapshots/javax/mail/mail/maven-metadata.xml
[INFO] [INFO] Target Path: s3://activityinfo-wars/2.6.17-RELEASE.war
[INFO] [INFO] Uploading artifact file: /mnt/workspace/jenkins/ActivityInfo-2.6/target/checkout/server/target/activityinfo-server-2.6.17.war
[INFO] Jul 6, 2012 9:32:51 AM com.amazonaws.http.AmazonHttpClient executeHelper
[INFO] INFO: Sending Request: PUT https://activityinfo-wars.s3.amazonaws.com /2.6.17-RELEASE.war Headers: (Content-Length: 58417483, Content-MD5: kGDfKT1WgsqFYo7TBhIVuQ==, Content-Type: application/octet-stream, ) 
[INFO] Jul 6, 2012 9:32:58 AM com.amazonaws.http.AmazonHttpClient handleResponse
[INFO] INFO: Received successful response: 200, AWS Request ID: AAD87C2722A9B49F
[INFO] [INFO] Artifact Uploaded
[INFO] [INFO] SUCCESS
[INFO] [INFO] ETag: 9060df293d5682ca85628ed3061215b9 [class: String]
[INFO] [INFO] 
[INFO] [INFO] --- beanstalk-maven-plugin:0.2.2-bedatadriven:create-application-version (default) @ activityinfo-server ---
[INFO] Jul 6, 2012 9:32:58 AM com.amazonaws.http.AmazonHttpClient executeHelper
[INFO] INFO: Sending Request: POST https://elasticbeanstalk.us-east-1.amazonaws.com / Parameters: (ApplicationName: activityinfo, Description: ActivityInfo Server, VersionLabel: 2.6.17-RELEASE, SignatureMethod: HmacSHA256, AWSAccessKeyId: *************************, Timestamp: 2012-07-06T09:32:58.975Z, Signature: D/n*************************,, SourceBundle.S3Key: 2.6.17-RELEASE.war, Action: CreateApplicationVersion, Version: 2010-12-01, SignatureVersion: 2, SourceBundle.S3Bucket: activityinfo-wars, AutoCreateApplication: true, ) 
[INFO] Jul 6, 2012 9:32:59 AM com.amazonaws.http.AmazonHttpClient handleResponse
[INFO] INFO: Received successful response: 200, AWS Request ID: 930346cc-c74d-11e1-ba9b-75ad289ac352
[INFO] [INFO] SUCCESS
[INFO] [INFO] sourceBundle: {S3Bucket: activityinfo-wars, S3Key: 2.6.17-RELEASE.war, } [class: S3Location]
[INFO] [INFO] versionLabel: 2.6.17-RELEASE [class: String]
[INFO] [INFO] description: ActivityInfo Server [class: String]
[INFO] [INFO] applicationName: activityinfo [class: String]
[INFO] [INFO] dateCreated: Fri Jul 06 09:32:59 UTC 2012 [class: Date]
[INFO] [INFO] dateUpdated: Fri Jul 06 09:32:59 UTC 2012 [class: Date]
[INFO] [INFO] 
[INFO] [INFO] --- beanstalk-maven-plugin:0.2.2-bedatadriven:create-environment (default) @ activityinfo-server ---
[INFO] Jul 6, 2012 9:32:59 AM com.amazonaws.http.AmazonHttpClient executeHelper
[INFO] INFO: Sending Request: POST https://elasticbeanstalk.us-east-1.amazonaws.com / Parameters: (ApplicationName: activityinfo, OptionSettings.member.6.Namespace: aws:elasticbeanstalk:application:environment, OptionSettings.member.6.OptionName: PARAM2, OptionSettings.member.4.OptionName: Stickiness Cookie Expiration, VersionLabel: 2.6.17-RELEASE, OptionSettings.member.7.OptionName: AWS_ACCESS_KEY_ID, OptionSettings.member.1.OptionName: ImageId, SolutionStackName: 32bit Amazon Linux running Tomcat 7, OptionSettings.member.2.OptionName: EC2KeyName, Signature: *************************,/*************************,=, OptionSettings.member.8.OptionName: AWS_SECRET_KEY, CNAMEPrefix: activityinfo-223c19e, OptionSettings.member.7.Namespace: aws:elasticbeanstalk:application:environment, Action: CreateEnvironment, OptionSettings.member.6.Value: activityinfo26.production.properties, OptionSettings.member.2.Value: bedatadriven, OptionSettings.member.2.Namespace: aws:autoscaling:launchconfiguration, OptionSettings.member.8.Value: *************************,/*************************,, Version: 2010-12-01, OptionSettings.member.3.OptionName: Stickiness Policy, OptionSettings.member.4.Namespace: aws:elb:policies, OptionSettings.member.5.Namespace: aws:elasticbeanstalk:application:environment, Description: ActivityInfo Server, OptionSettings.member.5.Value: activityinfo-conf, SignatureMethod: HmacSHA256, OptionSettings.member.3.Namespace: aws:elb:policies, AWSAccessKeyId: *************************,, Timestamp: 2012-07-06T09:32:59.576Z, OptionSettings.member.4.Value: 3600, OptionSettings.member.1.Value: ami-8810e8e1, OptionSettings.member.5.OptionName: PARAM1, EnvironmentName: release-223c19e, OptionSettings.member.1.Namespace: aws:autoscaling:launchconfiguration, OptionSettings.member.8.Namespace: aws:elasticbeanstalk:application:environment, SignatureVersion: 2, OptionSettings.member.7.Value: A*************************,, OptionSettings.member.3.Value: true, ) 
[INFO] Jul 6, 2012 9:33:01 AM com.amazonaws.http.AmazonHttpClient handleResponse
[INFO] INFO: Received successful response: 200, AWS Request ID: 9352ecad-c74d-11e1-821b-476f77e10a16
[INFO] [INFO] SUCCESS
[INFO] [INFO] versionLabel: 2.6.17-RELEASE [class: String]
[INFO] [INFO] status: Launching [class: String]
[INFO] [INFO] applicationName: activityinfo [class: String]
[INFO] [INFO] health: Grey [class: String]
[INFO] [INFO] dateUpdated: Fri Jul 06 09:33:01 UTC 2012 [class: Date]
[INFO] [INFO] environmentId: e-7j389uuuws [class: String]
[INFO] [INFO] solutionStackName: 32bit Amazon Linux running Tomcat 7 [class: String]
[INFO] [INFO] CNAME: activityinfo-223c19e.elasticbeanstalk.com [class: String]
[INFO] [INFO] description: ActivityInfo Server [class: String]
[INFO] [INFO] dateCreated: Fri Jul 06 09:33:01 UTC 2012 [class: Date]
[INFO] [INFO] environmentName: release-223c19e [class: String]
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] Reactor Summary:
[INFO] [INFO] 
[INFO] [INFO] ActivityInfo Parent POM ........................... SUCCESS [6.581s]
[INFO] [INFO] ActivityInfo Server ............................... SUCCESS [9:02.068s]
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] BUILD SUCCESS
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] Total time: 9:08.887s
[INFO] [INFO] Finished at: Fri Jul 06 09:33:01 UTC 2012
[INFO] [INFO] Final Memory: 48M/249M
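
Added example, not part of the thread or the plugin's code: a Python filter for archived build logs that masks the credential-bearing fields in the AWS SDK "Sending Request ... Parameters: (...)" lines shown above. It pairs each `OptionSettings.member.N.Value` with its `OptionName`, because the parameters are printed out of order; the sample line is constructed, and treating every `PARAMn` as sensitive and masking unpaired values are assumptions of this example.

```python
import re

# One "Key: value" pair inside "Parameters: ( ... , )". A value ends where the
# next ", Key: " or the closing ", )" begins.
PAIR = re.compile(r"([A-Za-z][\w.]*): (.*?)(?=, (?:[A-Za-z][\w.]*: |\)))")
MEMBER = re.compile(r"^OptionSettings\.member\.(\d+)\.(OptionName|Value)$")
ALWAYS = {"AWSAccessKeyId", "Signature"}  # request-signing fields
# Option names the issue lists as carrying credentials or passwords.
SENSITIVE_OPTION = re.compile(r"^(AWS_ACCESS_KEY_ID|AWS_SECRET_KEY|PARAM\d+)$")
MASK = "[REDACTED]"

def redact_line(line):
    """Mask secrets in one SDK request log line; other lines pass through."""
    head, sep, params = line.partition("Parameters: (")
    if not sep:
        return line
    # First pass: map member index -> option name (order is not guaranteed).
    names = {}
    for key, val in PAIR.findall(params):
        m = MEMBER.match(key)
        if m and m.group(2) == "OptionName":
            names[m.group(1)] = val

    def repl(match):
        key = match.group(1)
        if key in ALWAYS:
            return f"{key}: {MASK}"
        m = MEMBER.match(key)
        if m and m.group(2) == "Value":
            name = names.get(m.group(1))
            # Fail closed: a value whose option name is missing is masked too.
            if name is None or SENSITIVE_OPTION.match(name):
                return f"{key}: {MASK}"
        return match.group(0)

    return head + sep + PAIR.sub(repl, params)

def redact_log(text):
    return "\n".join(redact_line(l) for l in text.splitlines())

# Constructed sample line (all values are fake), members deliberately out of order.
SAMPLE = (
    "INFO: Sending Request: POST https://elasticbeanstalk.us-east-1.amazonaws.com / "
    "Parameters: (ApplicationName: demo, OptionSettings.member.2.OptionName: AWS_SECRET_KEY, "
    "OptionSettings.member.1.OptionName: ImageId, Signature: c2lnbmF0dXJl/ZmFrZQ==, "
    "OptionSettings.member.2.Value: FAKE/secret+key, AWSAccessKeyId: AKIAFAKEFAKEFAKE0000, "
    "OptionSettings.member.1.Value: ami-00000000, OptionSettings.member.3.Value: orphan, )"
)
```

A filter like this only cleans logs after the fact; keys that have already appeared in a build console should still be rotated.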

Have you looked at the version? Looks like it's your fork, right?

-- Aldrin Leal, aldrin@leal.eng.br / http://meadiciona.com/aldrinleal

Oh whoops, totally right. Forgot to change the version in the profile!
Thanks!