[MDEV-14073] Hide xtrabackup --encrypt-key on commandline Created: 2017-10-16 Updated: 2017-10-24 Resolved: 2017-10-24 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Backup |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Critical |
| Reporter: | Anders Karlsson | Assignee: | Andrii Nikitin (Inactive) |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Description |
|
When running xtrabackup, the encrypt-key option, if used, is shown when running a ps command. This should be hidden, just like a password. |
| Comments |
| Comment by Andrii Nikitin (Inactive) [ 2017-10-24 ] |
|
This jira is not place for xtrabackup bugs, so I will close this as invalid. mariabackup silently ignores --encrypt* options, so this exact problem is not relevant for MariaDB products. But mariabackup may have similar problem e.g. if sensitive parameters of REST encryption plugins are passed in command line, e.g. --file_key_management_filekey This issue should have relatively easy workarounds, e.g. pass secret parameters in variable or in cnf file: Since mariabackup can load any custom plugin - there is no easy way to know in advance which options are sensitive, so users should not pass sensitive options in command line. |