Uploaded image for project: 'ONAP Operations Manager'
  1. ONAP Operations Manager
  2. OOM-624

CII security badging: cleartext password for keystone and docker repo creds

    Details

    • Type: Task
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: Beijing Release
    • Labels:
    • Sprint:
      OOM Sprint 8, OOM Sprint 9 - Beijing freeze

      Description

      unhashed cleartext password in onap-parameters.yaml and setenv.bash

      OPENSTACK_API_KEY: ""

      passed to setenv.bash (default "docker"

      ONAP_DOCKER_PASS=${ONAP_DOCKER_PASS:-docker}

       follow

       https://wiki.onap.org/display/DW/CII+Badging+Program

      see security tab in

      https://bestpractices.coreinfrastructure.org/projects/1578/edit#security

      (logging badge above for IE)
      The public repositories MUST NOT leak a valid private credential (e.g., a working password or private key) that is intended to limit public access.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              david.sauvageau David Sauvageau
              Reporter:
              michaelobrien Michael O'Brien
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: