[Geoserver-devel] [JIRA] (GEOS-10552) Parameterised AWS keys in S3 blobstore being resolved to literals and written to config file

Aaron Sedgmen created an issue

GeoServer / Bug GEOS-10552

Parameterised AWS keys in S3 blobstore being resolved to literals and written to config file

Issue Type: Bug

Affects Versions: 2.21.0

Assignee: Unassigned

Components: GWC-S3

Created: 20/Jun/22 2:49 AM

Environment: Windows / Linux; GeoServer 2.21.0

Priority: Medium

Reporter: Aaron Sedgmen

Parameterised AWS keys in an S3 blobstore are resolved to literals and written to the geowebcache.xml config file when, after initial creation, the blobstore is opened and saved in the GeoServer UI. This can result in secure AWS keys being inadvertently exposed, such as when the GeoServer data_dir is version controlled in a code repository, and requires care to be taken to manually reset the keys to parameterised values in the geowebcache.xml file.

The same issue was occurring with Azure blobstores: https://osgeo-org.atlassian.net/browse/GEOS-9288


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100201-sha1:07cea57)
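
A check for the exposure described in this issue, suitable for a pre-commit hook on a version-controlled data_dir. This is an added example, not code from the issue or from GeoServer. The element names (`S3BlobStore`, `awsAccessKey`, `awsSecretKey`), the `${NAME}` placeholder syntax, and the sample document are assumptions; adjust them to match your own geowebcache.xml.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Assumed element names and ${NAME} placeholder syntax; adjust to your config.
KEY_ELEMENTS = {"awsAccessKey", "awsSecretKey"}
PLACEHOLDER = re.compile(r"^\$\{[A-Za-z0-9_.\-]+\}$")

# Constructed sample: one store still parameterised, one resolved to literals.
SAMPLE = """<gwcConfiguration xmlns="http://example.invalid/constructed-ns">
  <blobStores>
    <S3BlobStore><id>tiles-ok</id>
      <awsAccessKey>${AWS_ACCESS_KEY}</awsAccessKey>
      <awsSecretKey>${AWS_SECRET_KEY}</awsSecretKey></S3BlobStore>
    <S3BlobStore><id>tiles-leaked</id>
      <awsAccessKey>CONSTRUCTED-ACCESS-KEY</awsAccessKey>
      <awsSecretKey>constructed-secret-value</awsSecretKey></S3BlobStore>
  </blobStores>
</gwcConfiguration>"""


def local(tag):
    """Strip an XML namespace prefix of the form {uri} from a tag name."""
    return tag.rsplit("}", 1)[-1]


def find_literal_keys(xml_text):
    """Return (blobstore id, element) pairs whose value is not a placeholder.
    The key value itself is never returned, so findings are safe to log."""
    findings = []
    for store in ET.fromstring(xml_text).iter():
        if local(store.tag) != "S3BlobStore":
            continue
        store_id = next((c.text for c in store if local(c.tag) == "id"), "?")
        for child in store:
            value = (child.text or "").strip()
            if local(child.tag) in KEY_ELEMENTS and value and not PLACEHOLDER.match(value):
                findings.append((store_id, local(child.tag)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to geowebcache.xml, e.g. passed by a hook
        with open(sys.argv[1], encoding="utf-8") as fh:
            hits = find_literal_keys(fh.read())
        for store_id, element in hits:
            print(f"literal value in <{element}> of S3 blobstore '{store_id}'")
        sys.exit(1 if hits else 0)
    print(find_literal_keys(SAMPLE))
```

Run with the path to geowebcache.xml as the only argument; a non-zero exit status means at least one key was written as a literal and should be reset before the file is committed.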
