Currently, the provider's password can be seen in some error message, such as the following error that occurred when it failed to connect with provider:
Connection test, failed: GET failed. caused by: 'Get "https://hosted-engine-x.lab.eng.tlv2.redhat.com/ovirt-engine/sso/oauth/token?grant_type=password&password=xxx&scope=ovirt-app-api&username=admin%40internal": dial tcp 10.x.x.x:443: i/o timeout'
This error can be seen on Providers page when clicking on the Connection Failed status, and also in the provider's yaml file.
The plain password shouldn't be shown in UI, yaml, or logs.
- is cloned by
-
MTV-598 Prevent password from being shown in UI and logs
-
- Closed
-
