VMware Cloud Community
bsti
Enthusiast
Enthusiast
Jump to solution

Credentials being exposed in Workflow Execution Stack when a WF fails

I have a WF with an attribute this is of the data type Credential.  Whenever this WF fails, the execution stack outputs all of the WF parameters and attributes, including the credential username and password in clear text! 

Here is an example:

[2017-08-11 10:29:26.507] [E] Error in (Workflow:Test / Scriptable task (item1)#0) Error!!

[2017-08-11 10:29:26.529] [E] Workflow execution stack:

***

item: 'Test/item1', state: 'failed', business state: 'null', exception: 'Error!!'

workflow: 'Test' (40c14d17-07cd-4545-a3ee-6fe3e5b7e424)

|  'attribute': name=Cred type=Credential value=username:passwordincleartext!

|  'no inputs'

|  'no outputs'

*** End of execution stack.

Is there a way to suppress the workflow execution stack other than to turn the scripting log level to Fatal or off?  I'd like to see the scripting log, but I can't have it expose credentials to the users.

Has anyone run into this and found a good workaround?

I'm running VRO 7.3.

Thanks!

Tags (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
iiliev
VMware Employee
VMware Employee
Jump to solution

Hi,

AFAIK, there is no option to suppress this dump via some configuration (ie. env variable).

This is a bug that need to be fixed. If you need an urgent fix for 7.3, consider opening a support request with VMware so we can deliver a hotfix/patch. Otherwise, we'll fix it in a future vRO release.

View solution in original post

Reply
0 Kudos
3 Replies
iiliev
VMware Employee
VMware Employee
Jump to solution

Hi,

AFAIK, there is no option to suppress this dump via some configuration (ie. env variable).

This is a bug that need to be fixed. If you need an urgent fix for 7.3, consider opening a support request with VMware so we can deliver a hotfix/patch. Otherwise, we'll fix it in a future vRO release.

Reply
0 Kudos
bsti
Enthusiast
Enthusiast
Jump to solution

Thanks for the response.  I don't need an urgent fix per se, I'd just like to see it included in a future version. 

Reply
0 Kudos
rogerg19
Contributor
Contributor
Jump to solution

Is there the ability to now suppress the workflow execution stack?

Reply
0 Kudos