Secure option values cannot be used in scripts/commands
Reported by Greg Schueler | March 27th, 2012 @ 10:58 AM | in Rundeck 1.4.3 (closed)
- Issue Type: Improvement
- Rundeck version: 1.4.2
Issue:
Secure option values can only be used for SSH/sudo authentication, and cannot be used in scripts/commands.
A use case is to allow user to enter a password securely (not stored in DB), but use the value in a script, such as a DB admin password to load SQL data.
Proposal:
Add ability to have secure options that "expose" the values in scripts. Defining Job Options can select between three types of input: plain, "secure", and "secure authentication". The "secure" type will expose the value in a script, while "secure authentication" will not.
XML/Yaml job definitions will have a new attribute for options called "valueExposed=true/false".
An option definition can then specify secure="true" to indicate a "secure authentication" option. If valueExposed="true" as well, then the value will be available in scripts/commands.
example in XML:
<option name='dbPassword' valueExposed='true' secure='true'>
<description>secure DB Password entry</description>
</option>
example in YAML:
options:
dbPassword:
description: secure DB Password entry
secure: true
valueExposed: true
Comments and changes to this ticket
-
Greg Schueler April 10th, 2012 @ 12:18 PM
- State changed from “new” to “needs_verification”
-
Greg Schueler June 19th, 2012 @ 07:32 PM
- State changed from “needs_verification” to “resolved”
- Milestone order changed from “31” to “0”
-
Greg Schueler June 21st, 2012 @ 03:14 PM
(from [d79bb24828c4bb6b56ecc34e6e5a3ac895e34942]) Implement passing exposed secure options to execution context
[#551] https://github.com/dtolabs/rundeck/commit/d79bb24828c4bb6b56ecc34e6...
-
Greg Schueler June 21st, 2012 @ 03:14 PM
(from [349df63c10cffa0e98fbe82d26eb3c4c206981c3]) Add secureExposed property to Option [#551] https://github.com/dtolabs/rundeck/commit/349df63c10cffa0e98fbe82d2...
-
Greg Schueler June 21st, 2012 @ 03:14 PM
(from [3f110cda89f38291ec9b37dfdcd465c8d22b7f42]) Add documentation about secure option input types
[#551] https://github.com/dtolabs/rundeck/commit/3f110cda89f38291ec9b37dfd...
-
Greg Schueler June 21st, 2012 @ 03:14 PM
(from [9b7309b55a887e3fa561e173eca0316a3d89025b]) Fix error when only a single secure option is used [#551] https://github.com/dtolabs/rundeck/commit/9b7309b55a887e3fa561e173e...
-
Greg Schueler June 21st, 2012 @ 03:14 PM
(from [dd2ab20257b0703f315ae2256356e55c642c5108]) Remove verbose logging of command string from ExtSSHExec
[#551] https://github.com/dtolabs/rundeck/commit/dd2ab20257b0703f315ae2256...
-
Greg Schueler June 21st, 2012 @ 03:14 PM
(from [bce2924f367c6d8260a5ff0e93454fa6a5cb6af8]) Update UI and Job definition formats to support secure option values exposed in scripts
[#551] https://github.com/dtolabs/rundeck/commit/bce2924f367c6d8260a5ff0e9...
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues
Greg Schueler
