Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Brian_Deutmeyer
Collaborator
Jump to solution

Delete or Hide Tasks from SmartConsole

I'd like to change all my LOM passwords using ipmitool via the API using run script. The issue I'm facing is the new password will be visible in SmartConsole when looking at tasks that have been run.  Is there a way to delete or hide certain tasks so we can keep certain data safe (like passwords)?

1 Solution

Accepted Solutions
Uri_Bialik

Thank you for bringing this to our attention!

We had several RnD meetings to discuss this issue and we're considering changing the run-script command so that sensitive data will not be leaked by mistake.

 

In the meanwhile, you'll be glad to know that there is a way to avoid this issue today (no API change is required):

* The run-script API has an "args" parameter.

* The data in the "args" parameter is passed to the script however the data in the "args" parameter does not appear in the audit logs.

 

For example:

"mgmt_cli run-script script-name 'sample1' script 'my_script.sh -p $1' args 'my secret password' targets r80_20_ga -r true"

The audit log for the above script would show "my_script.sh -p $1" and will not include the secret password.

 

We'll update the run-script API documentation to bring it to the attention of other users.

View solution in original post

2 Replies
Uri_Bialik

Thank you for bringing this to our attention!

We had several RnD meetings to discuss this issue and we're considering changing the run-script command so that sensitive data will not be leaked by mistake.

 

In the meanwhile, you'll be glad to know that there is a way to avoid this issue today (no API change is required):

* The run-script API has an "args" parameter.

* The data in the "args" parameter is passed to the script however the data in the "args" parameter does not appear in the audit logs.

 

For example:

"mgmt_cli run-script script-name 'sample1' script 'my_script.sh -p $1' args 'my secret password' targets r80_20_ga -r true"

The audit log for the above script would show "my_script.sh -p $1" and will not include the secret password.

 

We'll update the run-script API documentation to bring it to the attention of other users.

Brian_Deutmeyer
Collaborator

Thanks, Uri!

As a side question, would you anticipate a performance or database issue with running 1000-1500 run-script API calls per day?  I’m considering using run-script to call fw sam on our MDS from SmartEvent. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events