Closed djessich closed 4 years ago
Thanks for the extensive report!
In PKI the certificate itself it not a sensitive object, so for security it does not matter. It's even sent to every client when a connection is negotiated. Nonetheless marking it sensitive in the resource would not harm, so I'd be okay to accept a pull request.
@thoutenbos Yes, of course you're right. I oversaw, that the dynamically created resource is just for the public crt certificate, but I thought its for the private key. Therefore, I will close this issue, as the file
resource for the private key within acme_certificate
is defined as being sensitive
anyway.
Problem Description
Using the acme cookbook to generate Letsencrypt certificates works as desired, but the generated certificates will be printed to logs and reported to the Chef Server. This represents a security problem and can be avoided by properly using the
sensitive
resource property on all resources.When does it happen?
Every time a new certificate was generated.
Reproduction
Chef Client Log (from Kitchen test VM)
Note: I removed some parts from the auto generated certificates to reduce the log size and to avoid overfilling this issue.
The actual problematic output is:
Environment
Chef: 15.13.8+ acme Cookbook: 4.1.2
Possible Workaround
Currently none, as this needs to be handled in the acme cookbook.
Possible Implementation
A possible implementation may be as follows:
(see https://github.com/schubergphilis/chef-acme/blob/master/resources/certificate.rb#L108)
It should be well thought, where the
sensitive
property makes sense in all the resources provided by this cookbook. I could think of the acme challenge token file creation and the public certificate (as I think that no certificate, regardless of its type, should be reported). Maybe there are more places where the use ofsensitive
property makes sense.However, the above implementation example will avoid the report problem of the generated certificate.