hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
Other
6.35k stars 1.38k forks source link

Conceal sensitive data in container logs #434

Closed Hursofid closed 2 months ago

Hursofid commented 2 months ago

Hello, I'd like to know if there is a way to hide user passwords and PSK from being logged to stdout. I've specified all necessary variables in the env file:

VPN_IPSEC_PSK=redacted
VPN_USER=redacted
VPN_PASSWORD=redacted
RANGE="redacted"
SUBNET=redacted
VPN_L2TP_NET="redacted"
VPN_L2TP_LOCAL=redacted
VPN_L2TP_POOL="redacted"
VPN_ADDL_USERS=redacted
VPN_ADDL_PASSWORDS=redacted
VPN_ANDROID_MTU_FIX=yes
VPN_PUBLIC_IP=redacted

The problem is that passwords, usernames are being exported to and stored in the Graylog in plaintext. I ship there all my containers logs using filebeat. It is transferred with TLS, but still, it's better to not store it anywhere.

I'll happy to provide any additional information if necessary.

Thank you

hwdsl2 commented 2 months ago

@Hursofid Hello! For your use case, while it is not currently supported in this project, you can build your own customized Docker image from source code, based on this project. Please refer to build from source code. For example, you can customize run.sh to remove the output of usernames and passwords.