network v2: do not render world-readable netplan when wifi or auth config contains sensitive passwords
Bug #1981646 reported by
Chad Smith
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
Low
|
Unassigned | ||
netplan |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
https:/
But, when rendering passthrough V2 network configuration, cloud-init emits a single /etc/netplan/
If network v2 config contains sensitive password keys it may make sense for cloud-init to either:
1. Make /etc/netplan/
- OR -
2. Write a world-readable /etc/netplan/
Changed in cloud-init: | |
status: | New → Triaged |
tags: | added: fr-2562 |
Changed in netplan: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
To post a comment you must log in.
Alternative solution to this could be if netplan.io grows a new root-only directory option that defines a schema for storing sensitive information like credentials. Not sure if this is something netplan.io would plan to grow or not. Tagging netplan.io on this bug as an FYI `wishlist` in case future feature work goes this direction.
The features that may be nice from netplan frm a usability standpoint: security/ credentials subdirectory/schema that could contain the security bits.
1. documented policy that suggests chmod 600 on any netplan YAML
2. Instrumented policy in `netplan generate` or `netplan apply` that warns about world-readable files consumed which happen to contain security-related keys.
3. Ideally, sensitive YAML content root-only files wouldn't live in with world-readable content in /etc/netplan/* files. Possibly define a sensitive/
This is probably not the bug to file against netplan.io as it contains multiple feature request, but I wanted to track the sentiment in case that effort is becomes something desireable for netplan (and thereby affecting how cloud-init should write out sensitive files).