BradCalvertLPNT
Contributor
Contributor

Supressing vRA ABX outputs to log file

I have written an ABX that can retrieve secrets from our internal secrets manager for real-time use by other VRA/VRO workflows. Everything works fine, except VRA writes the ABX output which contains the full credentials to the log files, which subsequently gets stored in Log Insight in plain text.

Is there any way to suppress the writing of ABX outputs to the log stream?

Edit: VRA 8.6.2 currently, will update to 8.8.x or possibly 8.10.x in Q1

6 Replies
xian_
Expert
Expert

why don't you gather those credentials in vro directly?

0 Kudos
BradCalvertLPNT
Contributor
Contributor

Can you elaborate? If you mean add and manage the secrets in VRO, that is what we are trying to avoid, maintaining secrets in places outside of our existing password vault and having to update them in multiple places when they are rotated.

0 Kudos
xian_
Expert
Expert

I mean rewriting the method you implemented by ABX in vRO.

0 Kudos
BradCalvertLPNT
Contributor
Contributor

Does this fix the problem? Does VRO not log any output of workflow actions? I would assume it still logs them for troubleshooting purposes.

0 Kudos
xian_
Expert
Expert

It does not log variables. You can check workflow runs and examine variable values, but this is stored in DB only and Secure Strings are masked.

0 Kudos
Ankush11s
VMware Employee
VMware Employee

You can exclude those logs from vRLI perspective as well at that time of injection 

0 Kudos