Skip to content

cli: --init-token exposes the init token to the ps command #61231

Open
Open
cli: --init-token exposes the init token to the ps command#61231
Labels
A-authenticationPertains to authn subsystemsA-securityC-bugCode not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.T-server-and-securityDB Server & Security
@knz

Description

@knz
knz
opened on Feb 28, 2021

Related to #60632

The current definition of the --init-token flag exposes the shared secret string to other users on the machine via the ps command.

Is this OK?

It seems to me that we instead want a --init-token-file and have the value of the token stored in a file instead. WDYT?

Jira issue: CRDB-3050
Epic: CRDB-6663

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-authenticationPertains to authn subsystemsA-securityC-bugCode not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.T-server-and-securityDB Server & Security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions