Details
- Bug
- Status: Complete
- Medium
- Resolution: Done
- 10
Description
When the client CLI is run, it generates a world-readable cli.log file that echoes all commands typed into the CLI. Unfortunately, this includes seeds, which are sensitive information. For example, if a trustee types his seed into the CLI to perform his duties, what he types is written to cli.log as follows:
2017-08-04 14:02:45,481 | INFO | cli.py (1921) | parse | CLI command entered: new key with seed secretTrusteeSeed000000000000000
This seed data should not be written to the log. A better solution would be to mask the seed when writing to the log:
2017-08-04 14:02:45,481 | INFO | cli.py (1921) | parse | CLI command entered: new key with seed [redacted]
The same information is written to .sovrin-cli-history, which is also a world-readable file. Seeds should also be redacted there.
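One way to implement the masking requested above, as an added example that is not the project's own code: a logging filter that redacts the seed before the record is written, plus a helper that opens the log with owner-only permissions instead of world-readable ones. The names `redact_seeds`, `SeedRedactingFilter`, `open_private` and `demo` are hypothetical, and the pattern assumes a seed is the single token following the word "seed", as in the command quoted in this ticket. The same `redact_seeds` call can be applied to a line before it is appended to the history file.

```python
import logging
import os
import re
import stat
import tempfile

# Assumption: the seed is one whitespace-free token after the keyword "seed",
# as in the "new key with seed <value>" command quoted in this ticket.
SEED_RE = re.compile(r"(\bseed\s+)(\S+)", re.IGNORECASE)


def redact_seeds(text):
    """Replace the token that follows 'seed' with a fixed marker."""
    return SEED_RE.sub(r"\1[redacted]", text)


class SeedRedactingFilter(logging.Filter):
    """Redact seeds in the interpolated message before it is formatted."""

    def filter(self, record):
        record.msg = redact_seeds(record.getMessage())
        record.args = None  # message is already fully interpolated
        return True


def open_private(path):
    """Open a file for appending with owner-only permissions (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a pre-existing world-readable file
    return os.fdopen(fd, "a")


def demo():
    """Log the constructed command from the ticket; return (contents, mode)."""
    path = os.path.join(tempfile.mkdtemp(), "cli.log")
    stream = open_private(path)
    handler = logging.StreamHandler(stream)
    handler.addFilter(SeedRedactingFilter())
    logger = logging.getLogger("cli-redaction-demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    logger.info("CLI command entered: %s",
                "new key with seed secretTrusteeSeed000000000000000")
    logger.removeHandler(handler)
    stream.close()
    with open(path) as fh:
        return fh.read(), stat.S_IMODE(os.stat(path).st_mode)
```

Attaching the filter to the handler means the seed is removed regardless of which module emitted the record. Restricting the file mode is a separate control that limits exposure of anything the pattern does not cover.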