From 52e624891fc500c8ab9f3f10ef45258ce740916a Mon Sep 17 00:00:00 2001
From: Cyril Roelandt <cyril@redhat.com>
Date: Fri, 23 Oct 2015 15:01:33 +0200
Subject: [PATCH] Use "secret=True" for password-related options

This makes sure the value of the option is not leaked in the logs.

Found using bandit.

Change-Id: I6db2eea1d3f1ad3cacb749dbb9766c5d32cf047f
---
 oslo_messaging/_drivers/protocols/amqp/opts.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/oslo_messaging/_drivers/protocols/amqp/opts.py b/oslo_messaging/_drivers/protocols/amqp/opts.py
index cba1fd339..5c69c966c 100644
--- a/oslo_messaging/_drivers/protocols/amqp/opts.py
+++ b/oslo_messaging/_drivers/protocols/amqp/opts.py
@@ -64,6 +64,7 @@ amqp1_opts = [
     cfg.StrOpt('ssl_key_password',
                default=None,
                deprecated_group='amqp1',
+               secret=True,
                help='Password for decrypting ssl_key_file (if encrypted)'),
 
     cfg.BoolOpt('allow_insecure_clients',
@@ -94,5 +95,6 @@ amqp1_opts = [
     cfg.StrOpt('password',
                default='',
                deprecated_group='amqp1',
+               secret=True,
                help='Password for message broker authentication')
 ]