sous-chefs / users

Development repository for the users cookbook
https://supermarket.chef.io/cookbooks/users
Apache License 2.0

Security Flaw: users_manage LWRP prints private keys to log #116

Closed lhriley-tm closed 7 years ago

lhriley-tm commented 9 years ago

As implemented, the users_manage LWRP prints all SSH keys to the log, both public and private. This would be tolerable if we could mark the LWRP itself as sensitive, but that does not appear to work in testing. Instead, it appears that we would need the source modified to add "sensitive true" to the template resource which generates the private (id_*) key file.

https://github.com/chef-cookbooks/users/blob/v1.8.2/providers/manage.rb#L131-L141

        if u['ssh_private_key']
          key_type = u['ssh_private_key'].include?("BEGIN RSA PRIVATE KEY") ? "rsa" : "dsa"
          template "#{home_dir}/.ssh/id_#{key_type}" do
            source "private_key.erb"
            cookbook new_resource.cookbook
            owner u['id']
            group u['gid'] || u['id']
            mode "0400"
            variables :private_key => u['ssh_private_key']
            sensitive true  # proposed addition: keeps the rendered key out of the chef-client log
          end
        end

Optionally, it would be nice to make this an attribute that we could pass into the LWRP so that we could expose the content in testing / kitchen and hide it in Production.
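As an added check (not code from the users cookbook or from this issue), the following Ruby script scans a chef-client log for PEM private-key blocks that a template resource without `sensitive true` would have written into its diff output. The log text is constructed for the example and does not reproduce Chef's exact output format; only the key label and line positions are reported, never the key body.

```ruby
# Added example (not part of the users cookbook or this issue): scan a
# chef-client log for private-key material leaked by a template diff.

# PEM armour headers that mark private key material. Anything between a
# matching BEGIN/END pair is treated as leaked and is never echoed back.
PRIVATE_KEY_BEGIN = /-----BEGIN ([A-Z ]*PRIVATE KEY)-----/.freeze
PRIVATE_KEY_END   = /-----END ([A-Z ]*PRIVATE KEY)-----/.freeze

# Returns one finding per leaked key: the key label, the first log line
# of the block and the number of body lines, but never the key itself.
def find_leaked_private_keys(log_text)
  findings = []
  current = nil
  log_text.each_line.with_index(1) do |line, lineno|
    if current.nil?
      if (m = PRIVATE_KEY_BEGIN.match(line))
        current = { label: m[1], start_line: lineno, body_lines: 0 }
      end
    elsif PRIVATE_KEY_END.match?(line)
      findings << current
      current = nil
    else
      current[:body_lines] += 1
    end
  end
  # An unterminated block (log cut off mid-key) is still a leak.
  findings << current.merge(truncated: true) if current
  findings
end

# Constructed sample log: one template resource ran without `sensitive true`
# (the diff shows the key), a second ran with it (content suppressed).
SAMPLE_LOG = <<~LOG
  * template[/home/alice/.ssh/id_rsa] action create
    - create new file /home/alice/.ssh/id_rsa
    - update content in file /home/alice/.ssh/id_rsa from none to 3a5f1c
    --- /home/alice/.ssh/id_rsa
    +++ /home/alice/.ssh/id_rsa
    +-----BEGIN RSA PRIVATE KEY-----
    +MIIEowIBAAKCAQEAxxxxCONSTRUCTEDxxxx
    +-----END RSA PRIVATE KEY-----
  * template[/home/bob/.ssh/id_rsa] action create
    - suppressed sensitive resource
LOG

if $PROGRAM_NAME == __FILE__
  find_leaked_private_keys(SAMPLE_LOG).each do |f|
    puts "#{f[:label]} leaked at log line #{f[:start_line]} (#{f[:body_lines]} body lines)"
  end
end
```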

ericgoedtel commented 7 years ago

This seems to be a problem with any variable being expanded that might contain sensitive data.

tas50 commented 7 years ago

I've set the resource that creates the key to sensitive so you won't see those in your logs or in visibility if you use automate. I'll get a release out soon with that change.