Use "secret=True" for password-related options

This makes sure the value of the option is not leaked in the logs. Found using bandit. Change-Id: I6db2eea1d3f1ad3cacb749dbb9766c5d32cf047f
2015-10-23 15:01:33 +02:00 · 2015-10-23 15:01:33 +02:00 · 52e624891f
commit 52e624891f
parent 07c328255b
1 changed files with 2 additions and 0 deletions
--- a/oslo_messaging/_drivers/protocols/amqp/opts.py
+++ b/oslo_messaging/_drivers/protocols/amqp/opts.py
@ -64,6 +64,7 @@ amqp1_opts = [
    cfg.StrOpt('ssl_key_password',
               default=None,
               deprecated_group='amqp1',
+               secret=True,
               help='Password for decrypting ssl_key_file (if encrypted)'),

    cfg.BoolOpt('allow_insecure_clients',
@ -94,5 +95,6 @@ amqp1_opts = [
    cfg.StrOpt('password',
               default='',
               deprecated_group='amqp1',
+               secret=True,
               help='Password for message broker authentication')
 ]