S3 input output plugin might leak passwords · elastic/logstash#12540

(3 comments) (0 reactions) (0 assignees)Ruby (14,197 stars) (3,496 forks)batch import

good first issue

説明

When you use minio or another S3 provider that uses path_style for buckets and do not configure this with the force_path_style then logstash while fail with a stacktrace which contains the S3 secret key. This was tested with secret key and key identifier present in the config. Not tested with a config file yet. probably config file is better.

コントリビューターガイド

技術スタック: なし
領域: backendsecurity
Issue 種別: bug
難度: 3
推定時間: 1-3 hours
活動状況: stale
明確さ: clear
前提条件: Logstash basicsS3 configuration
初心者向け度: 60
調査方針: Investigate the S3 input and output plugins' error handling to identify where the secret key is included in stack traces. Look for any existing code that redacts sensitive information. Consider modifying the error logging to exclude the secret key when displaying configuration errors. Review comments in the issue for any additional context.