TheHive's Docker entrypoint logs the Play secret key at startup #1177

Closed
shane-lawrence opened this issue Nov 25, 2019 · 1 comment

@shane-lawrence

TheHive logs the Play secret key at startup.

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | n/a |
| OS version (client) | n/a |
| TheHive version / git hash | 3.4.0 / c44df9d |
| Package Type | Docker |
| Browser type & version | n/a |

Problem Description

At startup, the Docker entrypoint prints the value of play.http.secret.key to stdout, which is commonly logged. This allows anyone with access to the logs to see the key. To practise proper secrets management, this value should not be logged.

Steps to Reproduce

  1. docker run thehiveproject/thehive:3.4.0 -- --secret notverysecret

Possible Solutions

Don't log the secret.

Complementary information

Sample output:

❯ docker run thehiveproject/thehive:3.4.0-RC2 --secret notverysecret | head -100
Using secret: notverysecret
Warning automatic elasticsearch host config fails
elasticsearch host not configured
[info] o.r.Reflections - Reflections took 180 ms to scan 4 urls, producing 118 keys and 1297 values
[info] module - Loading model class connectors.cortex.models.ReportTemplateModel
[info] module - Loading model class models.TaskModel
...
@nadouani
Contributor

This one will be taken in a next patch
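
One way an entrypoint can accept `--secret` and write `play.http.secret.key` without printing the value, shown as an added example that is not part of the issue thread or TheHive's own script. The function names, variable names and log wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical entrypoint fragment, not TheHive's own script.
# Function and variable names are assumptions made for illustration.

log() { printf '%s\n' "$*" >&2; }   # diagnostics only, never secret values

# parse_secret ARGS...: set SECRET and SECRET_SOURCE from a --secret option,
# generating a random key when none is supplied.
parse_secret() {
    SECRET=""; SECRET_SOURCE="--secret option"
    while [ $# -gt 0 ]; do
        case "$1" in
            --secret)
                [ $# -ge 2 ] || { log "--secret requires a value"; return 2; }
                SECRET=$2; shift 2 ;;
            *) shift ;;
        esac
    done
    # Refuse values that would break the quoted config line written below.
    case "$SECRET" in
        *\"*|*\\*) log "secret contains a quote or backslash"; return 2 ;;
    esac
    if [ -z "$SECRET" ]; then
        SECRET_SOURCE="random key generated at startup"
        SECRET=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    fi
}

# write_secret_conf FILE: store the key in FILE; the umask keeps a newly
# created file readable by its owner only.
write_secret_conf() {
    ( umask 077; printf 'play.http.secret.key="%s"\n' "$SECRET" > "$1" )
}

# startup_message: the line that reaches stdout and the container log.
# It names where the key came from and omits the value.
startup_message() {
    printf 'Using secret from %s (value not logged)\n' "$SECRET_SOURCE"
}

# Demo with the constructed value from the issue's reproduction step.
demo() {
    conf=$(mktemp) || return 1
    parse_secret --secret notverysecret && write_secret_conf "$conf" && startup_message
    rm -f "$conf"
}
demo
```

The key still reaches the configuration file, so the application starts as before; only the log line changes.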
