Security issue with encrypted pillars: they are unencrypted with salt-call pillar.items and log level debug on the minion

[gaetanquentin]

salt master/minion: 2019.02
os: ubuntu 18.04

Is there a way to prevent encrypted pillar to be unencrypted in minion (output and logs) ?

1. Folllowing this gpg configuration: https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html

2. and setting log_level_logfile: debug on the minion

• calling on the master: sudo salt 'rundeck' pillar.items
• on the minion log, pillar is unencrypted:
  'a-secret': 'supersecret'

3. setting log_level_logfile: error on the minion

• calling on the master: sudo salt 'rundeck' pillar.items: ok, nothing on minion logs
• calling salt-call pillar.items on the minion:

local:
    a-secret:
        supersecret

[Ch3LL]

the only similar option i found was obfuscate_templates but this is only for the file module so it doesnt show the diff output, we would most likely need to add this feature to obfuscate the pillar rendered in logs and output

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

[stale[bot]]

Thank you for updating this issue. It is no longer marked as stale.