VMware Cloud Community
sbeaver
Leadership
Leadership
Jump to solution

Subscription Payload

Good day all,

I was taking a closer look at the payload properties that gets displayed in the logs when the subscription is called and noticed that my encrypted values are getting displayed in plain text in the logs.  Can anyone confirm if they are seeing that in their environment please?

Thanks

Steve

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Tags (1)
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal
Jump to solution

Or...j/k, I already had a subscription and scriptable task ready and waiting. So, yes, I confirm your observation.

pastedImage_0.png

Output in the log for a scriptable task that writes out all properties:

Chip.EncryptedProp01: VMware1!

Not good.

View solution in original post

Reply
0 Kudos
11 Replies
daphnissov
Immortal
Immortal
Jump to solution

Reply
0 Kudos
sbeaver
Leadership
Leadership
Jump to solution

7.3

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Reply
0 Kudos
daphnissov
Immortal
Immortal
Jump to solution

Can you give me something specific to test? I'll check it out on my end.

Reply
0 Kudos
sbeaver
Leadership
Leadership
Jump to solution

Thank you that would be great.  Create a encrypted property for a VM that will trigger a subscription.  When the subscription runs the scriptable task that receives the payload will log all the values as well as the looping and logging all the virtual machine properties.  I am looking to see if you see the same results that I am in that the encrypted property you configured gets presented in the System.log as plain text.

Thanks for taking the time

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Reply
0 Kudos
daphnissov
Immortal
Immortal
Jump to solution

Ok, I'll whip up a test and get back to you. May be tomorrow morning, though.

Reply
0 Kudos
sbeaver
Leadership
Leadership
Jump to solution

No worries!!  Thank again for your time

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Reply
0 Kudos
daphnissov
Immortal
Immortal
Jump to solution

Or...j/k, I already had a subscription and scriptable task ready and waiting. So, yes, I confirm your observation.

pastedImage_0.png

Output in the log for a scriptable task that writes out all properties:

Chip.EncryptedProp01: VMware1!

Not good.

Reply
0 Kudos
sbeaver
Leadership
Leadership
Jump to solution

OK thank you for the confirmation on this.  I am going to see if I can get some attention to this issue.  Thanks again for you help

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Reply
0 Kudos
rmav01
Enthusiast
Enthusiast
Jump to solution

vRO does this too, if you run a System.log on a SecureString type it will put it in clear text in the log. To me it's obfuscated and not actually encrypted.

Reply
0 Kudos
FrodeGarnes
Contributor
Contributor
Jump to solution

Secure string is just like a password field, nothing to do with encrypting the string. just making it less readable over shoulders etc.

xian_
Expert
Expert
Jump to solution

I faced the same issue. I was thinking about encrypting the value with vRO and push it back by EBS with virtualMachineAddOrUpdateProperties

Any other suggestions?

Reply
0 Kudos