Acme.sh: debug log without senstive data

Created on 11 Apr 2017  路  7Comments  路  Source: acmesh-official/acme.sh

would it be possible for a debug option to output all the required details for an issue reporting without leaking sensitive data like api keys or email addresses?

picture FernandoMiguel

All 7 comments

what do you want to hide?
we already have functions: _secure_debug(), _secure_debug2().
You can search where those functions are used.

Neilpang picture Neilpang on 11 Apr 2017

@Neilpang api keys, email addresses, some of the results of LE API like the TXT records, etc
anything that would show in --debug 2 that would allow for someone to gain access to an infrastructure.

thanks

FernandoMiguel picture FernandoMiguel on 11 Apr 2017

I understand, but we should replace _debug() function with _secure_debug() for the key infos

Neilpang picture Neilpang on 11 Apr 2017
👍1

Please upgrade to the latest 2.8.8 version, your cf api key and secret should already be hidden.

Neilpang picture Neilpang on 11 Apr 2017
👍1

I think you mean v2.6.8.
but yeah, that's a good improvement there.

are any of the output entries from LE sensitive too?

FernandoMiguel picture FernandoMiguel on 11 Apr 2017

Yes, it's 2.6.8

I'm not 100% sure, but I don't think the entries is sensitive.

I have hidden some sensitive already, but if you find anything else need to be hidden, please tell me.

Neilpang picture Neilpang on 11 Apr 2017
👍1

afaik, it's all looking OK.
i still dont like those tokens visible, nor are they useful for any debug, but not sure how sensitive they are.

thanks

FernandoMiguel picture FernandoMiguel on 11 Apr 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

extensionsapp picture extensionsapp  路  3Comments
mskian picture mskian  路  3Comments
xiagw picture xiagw  路  3Comments
duxiu-chen picture duxiu-chen  路  4Comments
noplanman picture noplanman  路  4Comments