Discussion:
Stop logging truststore and keystore passwords
Trevor Hartman
2016-08-13 20:48:34 UTC
I noticed Datomic logs truststore and keystore passwords on startup. Can
this be omitted?

Trevor
--
You received this message because you are subscribed to the Google Groups "Datomic" group.
To unsubscribe from this group and stop receiving emails from it, send an email to datomic+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jaret Binford
2016-08-16 20:00:10 UTC
Trevor,

I just made a quick example when starting a transactor, using a truststore
and I did not see the passwords logged in the transactor log file. Could
you shoot me an example with the password etc redacted?

Thanks,
Jaret
Jaret Binford
2016-08-22 13:40:32 UTC
Trevor,

I went back and looked at this again. I could not get the credentials into
the actual log. I am wondering if you meant the command line output? In
0.9.4894 we made a change to disable output of credentials to log:

## Changed in 0.9.4894

* New: Transactor configuration setting to disable printing of credentials.
  Specify the boolean system property `datomic.printConnectionInfo` as
  `false` to disable. Default is true.


Transactor properties documentation can be found at

http://docs.datomic.com/system-properties.html

Please let me know if you meant output to the command line.

Thanks,
Jaret
Trevor Hartman
2016-08-26 13:34:46 UTC
Thanks Jaret, and sorry for the slow reply!

I'm on Datomic 0.9.5359. It looks like datomic.printConnectionInfo is
exactly what I need.

Yes, I did mean the command line output (not the actual log).
Trevor Hartman
2016-09-15 15:24:25 UTC
Actually this doesn't solve it. The problem is the bin/transactor script
that ships with Datomic. It includes:

echo "Launching with Java options -server $XMS $XMX $JAVA_OPTS"
exec java -server -cp `bin/classpath` $XMX $XMS $JAVA_OPTS clojure.main --main datomic.launcher "$@"

If you've configured Datomic to use a keystore or truststore, their
passwords will be printed to stdout.
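
An added example, not part of the original post or of the Datomic distribution: a display-only filter for the echo line quoted above, which masks the value of any `-D` option whose property name looks sensitive. The function names, the name patterns and the sample option values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: mask secret-bearing -D values before a launcher echoes them.

# Print one option. For -Dname=value, print name=*** when the property name
# looks sensitive. The name patterns below are assumptions, not a Datomic list.
redact_opt() {
    case "$1" in
        -D*=*)
            name=${1%%=*}    # everything before the first "="
            lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
            case "$lname" in
                *password*|*passwd*|*secret*|*licensekey*)
                    printf '%s=***' "$name"
                    return 0
                    ;;
            esac
            ;;
    esac
    printf '%s' "$1"
}

# Print all arguments on one line, each passed through redact_opt.
redact_opts() {
    out=""
    for opt in "$@"; do
        out="$out${out:+ }$(redact_opt "$opt")"
    done
    printf '%s\n' "$out"
}

# Constructed sample values, not taken from the thread.
XMS="-Xms1g"
XMX="-Xmx1g"
JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=changeit -Ddatomic.licenseKey=PLACEHOLDER -Dfile.encoding=UTF-8"

# The variables are left unquoted on purpose so they word-split the same way
# they do on the launcher's own echo and exec lines.
launch_banner() {
    # shellcheck disable=SC2086
    echo "Launching with Java options -server $(redact_opts $XMS $XMX $JAVA_OPTS)"
}

launch_banner
```

This changes only what is printed: the unredacted options are still passed on the `java` command line, so they remain visible to anyone who can list processes on the host.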
Joshua Mendoza
2017-08-21 21:17:44 UTC
I'm a little bit late into the party but I created a little patch to avoid
printing the property *datomic.licenseKey*. You may use the following patch
on *$DATOMIC_DIST/bin/transactor* in your provisioning pipeline:

17a18,20
-Ddatomic.licenseKey*)
LICENSE_KEY="$1"
;;
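Review bot: The `-Ddatomic.licenseKey*)` arm diverts only the license key, so the keystore and truststore password options this thread started with are not matched by it and would be handled as before; consider adding arms for those options as well. The trailing `*` also matches any argument that merely begins with `-Ddatomic.licenseKey`, so `-Ddatomic.licenseKey=*)` would be a tighter pattern.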
36a40
if [ ! -z $LICENSE_KEY ]; then JAVA_OPTS="$JAVA_OPTS $LICENSE_KEY"; fi
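Review bot: `$LICENSE_KEY` is unquoted in the test `[ ! -z $LICENSE_KEY ]`, so a value containing whitespace or glob characters makes the test misbehave; `[ -n "$LICENSE_KEY" ]` is the safer form. Because the key is appended back onto JAVA_OPTS, it is kept out of the script's echo at most and still ends up on the java command line, where it is visible in the process list; a comment stating that limit would help anyone applying the patch.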
Apply patch only if the distributed *transactor* shell script has the
following SHA1:

effddef6a4b856b7d3285f7384c0f762b9664c8a transactor