search

bonfire-networks / bonfire-app

Bonfire - tend to your digital life in community. Customise and host your own online space and control your experience at the most granular level.
https://bonfirenetworks.org
GNU Affero General Public License v3.0
522 stars 37 forks source link

Bug: private keys present in logs #892

Closed HelgeKrueger closed 4 months ago

HelgeKrueger commented 4 months ago

The logging includes the private keys, see below for an example. As this information should be considered sensitive, it should never be logged.

[debug] [activity_pub/lib/safety/keys.ex:119@ActivityPub.Safety.Keys.ensure_keys_present/1] actor has keys : -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAieSa7HyuKYKDU6rSGPXzRYffKWCp5t4QARSw3BNe++FYWj3n
q65Hv9bzkxr849+DayaIP0c6A6n/S41PIAt6wKoumcqbIp/WgcjCVOQH7+/VXue2
YT24wC4/noolCUJnU6Fw4QN1sJoOKQNrC3n8qqqCxjRv4lwdJmHh4rDq1UXMslMH
l9SCdXnG61vQEAEDp5XWJngACOQx5Bo5rFmHwnfA0u/foAVP+ZR+6GIKteog4Xxp
1iaOTAtszOX9HmMr+ixfGfnlxxwVWfX1vQhH4mEPgY0WYYJAvmWFHvO0aJhCxE3U
uMlG9SYD7U/5ma56HQKKtCxWIJq734+XxdTKYQIDAQABAoIBAD3bGS4FfgDr5Wpm
QcnlpoOlwBMpI/4G1ioN9Io8fErEGuScSWzHiLMDQw9Vt2SnEqZByjOMiXc0Tmu/
T2PCEoYTsUTW0IGXLtvYSWhYREE7Fj109uinDdXTyUEemh+NtJkc3exqJ2SZrsly
GZYz2gZa57/urNPfW0oo9XHByA30EYzZ8A5eTVCDCO5/6LYHLCpEU7+aYPPRWeQ8
ZPTCoqqjud/7NKL2HnNOBySEfh3mEmV5ufMkL8xc+kF86kUaJeDrKxb7DksaPS9F
NS3EkZnooN2jsIGTYYFWqjTQZ+dWJEUlz771lAAlhcVv2Su1iRwAiP7aTPltFssW
wTniIlsCgYEAwWLKSzQgDHL8VfPTImU9UjuWi6JiwEcads7g9ywdWWTsS2xGBH+U
Q9e888FILHCVhub/Qjo3QQQiLRblnD+KKcBwPSfGq3URCWVBqofPCG0jPxjR3jaV
Aa5MtlV13sG/c+tjgziRmg2S+KIk28R7QURY+k1iOicryKkbFcHAEZcCgYEAtooq
KgzSpBxx/sVXwWL+pN/QDyQ8884C5GR+aX9+fhw2540rVCk+OovN+DtxC+a8D+jW
O619H8KA1vxATi7iCfq3GFF0cYXjzmh9e2/dcPwIqJTA9yJzV+Z8DlQ5qsI8v3mu
K1YEG39muLMEo74pVfYBvrK8yaOQYLww585ZkscCgYASS35Hzw6ZHuewWfjHcDx0
4x5C54HgHtnqE3hE6e983YddO0kEc+1a3bYKeWaSjbQXpxLO+SLxC6sQCPJ/7aLs
gEAeCP1KizCpauLjdyWm7mw/M+Hm29MM7ahkN4GHKV0rYkFv0JI1uMMGspA6GkRu
0EB6rYd1aO9DdHwTetjo0QKBgEZeHML5DnqVPJyqFppGP0Pvw5USsyyJTjQdSV4B
+BFFbyT0Fq/q9kI7grserwWXfQflCjEXQBTuNhyqQV/iUuDl9Y86V1kr9BWt0jGz
ffoALpZOQdUDQtOv1kLv1QsutZxam/m4vvyasE6jNDarJ+QrYaDR5lUU6KNh6Lhz
o7QhAoGBAIwwA596+lgxuSwLKvlX/ddP+KCz46aLee8fIXil8Pg8erVxpZMfKZP4
8jWOSmcPcZ/4IH4yhnswx4jSQh89OrwrYDSziFD9tJ9S5R49eaQlq7QpiAxJbszn
W3txK9lXMkq3lYk+RyCWXGHBNRSPuLR/KhniIISnQKesG8+Pmlu2
-----END RSA PRIVATE KEY-----
mayel commented 4 months ago

good point, thanks!