Closed patricktiu closed 6 days ago
Thank you for creating a bug report. We will investigate the bug and evaluate its impact on the product. If you haven't already, please ensure you have provided steps to reproduce the bug and as much context as possible.
Hello @patricktiu! If the user and password are passed directly on the command line, then there is inherent insecurity because anyone who sees your terminal session can see the credentials in plain text.
There are some alternative ways to provide credentials to Zowe CLI that are more secure:
zowe config secure
to store user and password properties securely.--user prompt* --password prompt*
and Zowe CLI will securely prompt you to enter the values.ZOWE_OPT_USER
and ZOWE_OPT_PASSWORD
which Zowe CLI will use.@t1m0thyj, Your suggestion to hide the password is acceptable. Thank You!
Describe the bug The user password is logged in the imperative.log if the command fails. For example, if the server is down and you are trying to run a command with the --user and --password option. The imperative.log logs the command with both the user id and password.
Expected and actual results In the imperative log, the user id and the password should be masked out.
Steps to reproduce the problem
zowe ssh iss cmd ls --user myUserId --password myPassword