private key is leaked in error logs #64

Description

@luto
```
2017/05/06 12:14:37 [error] 9610#9610: *68 [lua] lets_encrypt.lua:62: issue_cert(): auto-ssl: dehydrated manual hook.sh failed: env HOOK_SECRET=32cffc43cb.... HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl/shell/letsencrypt_hooks deploy_cert xxx /etc/resty-auto-ssl/letsencrypt/certs/xxx/privkey.pem /etc/resty-auto-ssl/letsencrypt/certs/xxx/cert.pem /etc/resty-auto-ssl/letsencrypt/certs/xxx/fullchain.pem /etc/resty-auto-ssl/letsencrypt/certs/xxx/chain.pem 1494072877 status: 256 out: hook request failed
(...)
++ cat /etc/resty-auto-ssl/letsencrypt/certs/xxx/privkey.pem
+ local 'PRIVKEY=-----BEGIN RSA PRIVATE KEY-----
(...)
```

When the hook fails, the private key is written to the log verbatim. While logs are usually only readable by root, this can still be a problem in systems which stream logs via syslog-ng. There are also many setups using the ELK stack to collect logs centrally.
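An added example, not code from this issue, from lua-resty-auto-ssl or from dehydrated: a POSIX shell filter for the syslog-ng/ELK shipping path mentioned above that redacts PEM private-key blocks and `HOOK_SECRET=` values before a log line leaves the host. The `+`/`++` lines in the report are shell xtrace output, so the filter also catches a key block that starts inside a trace line; the error-log path, the sample input and the key body are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of lua-resty-auto-ssl or dehydrated: scrub secrets
# from OpenResty error-log text before it is forwarded to syslog-ng or
# Logstash, e.g. as a filter in the shipping pipeline (path is an assumption):
#   tail -F /usr/local/openresty/nginx/logs/error.log | redact_log | logger

# redact_log: read log text on stdin, write redacted text on stdout.
# 1. Every line from "-----BEGIN ... PRIVATE KEY-----" through
#    "-----END ... PRIVATE KEY-----" is replaced by one marker. The xtrace
#    line that starts the block ("+ local 'PRIVKEY=-----BEGIN ...") matches
#    too because the pattern is not anchored to the start of the line.
#    If the END line never arrives, sed keeps swallowing to end of input,
#    which fails closed: the key is dropped rather than leaked.
# 2. A "HOOK_SECRET=<value>" token keeps its name and loses its value.
redact_log() {
    sed -e '/-----BEGIN [A-Z ]*PRIVATE KEY-----/,/-----END [A-Z ]*PRIVATE KEY-----/c\
[REDACTED PRIVATE KEY]' \
        -e 's/\(HOOK_SECRET=\)[^[:space:]]*/\1[REDACTED]/g'
}

# sample_log: constructed input mirroring the shape of the report above.
# The secret value and the key body are placeholders, not real material.
sample_log() {
    cat <<'EOF'
2017/05/06 12:14:37 [error] 9610#9610: *68 [lua] lets_encrypt.lua:62: issue_cert(): auto-ssl: dehydrated manual hook.sh failed: env HOOK_SECRET=CONSTRUCTED_SECRET_0000 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl/shell/letsencrypt_hooks deploy_cert example.test /etc/resty-auto-ssl/letsencrypt/certs/example.test/privkey.pem status: 256 out: hook request failed
++ cat /etc/resty-auto-ssl/letsencrypt/certs/example.test/privkey.pem
+ local 'PRIVKEY=-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAconstructedPLACEHOLDERnotAKey
-----END RSA PRIVATE KEY-----'
+ echo 'hook request failed'
EOF
}

# leak_count: number of stdin lines that still carry a PEM key marker or an
# unredacted HOOK_SECRET value (value not starting with "[").
leak_count() {
    grep -c -e 'PRIVATE KEY-----' -e 'HOOK_SECRET=[^[]' || true
}

# Stand-alone run: print the scrubbed log and how many leak lines remain.
sample_log | redact_log
printf 'remaining leak lines: %s\n' "$(sample_log | redact_log | leak_count)"
```

The same filter can sit in front of any collector; what matters is that it runs on the host that wrote the log, before the line reaches the network.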
