Riak CS logs the admin secret keys, which potentially leaks the secret keys to unprivileged users.
In our case, we use Riak CS in production, and the log files are collected and sent to a Logstash cluster.
Only a few sysadmins are able to view the /etc/riak-cs/ configuration files; however, the Logstash logs are viewable by most staff. We didn't expect the logs to contain admin secrets.
We can work around this by filtering the secrets out, but I thought this behaviour was wrong enough to deserve me opening an issue here -- at least you can discuss amongst yourselves if this is intentional and desirable behaviour.
Maybe at the very least, consider changing the log level for this to be DEBUG rather than INFO?
Basho-JIRA changed the title from "Leaks admin secrets to log files" to "Leaks admin secrets to log files [JIRA: RCS-379]" on Nov 10, 2016.
It might help, but I'm confused - you never updated http://docs.basho.com/riak/cs/2.1.1/cookbooks/configuration/riak-cs/ to reflect the current correct and best practices in regard to the admin secret. It still says to put both admin.key and admin.secret into the riak-cs.conf file.
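The filtering workaround mentioned in the report, sketched as an added example (not code from this thread or from Riak CS): it reads the `admin.secret` value from `riak-cs.conf` and masks that value wherever it appears in a log line before the line is forwarded. It matches on the value because the thread does not show the log line itself; the `key = value` file layout, the function names and all sample data are assumptions constructed for illustration.

```python
import re

# Assumption: riak-cs.conf holds "key = value" lines, with the secret under
# admin.secret as the comment above describes.
CONF_LINE = re.compile(r"^\s*admin\.secret\s*=\s*(\S+)\s*$")

# Constructed sample data, not taken from a real deployment.
SAMPLE_CONF = """\
# constructed sample configuration
admin.key = EXAMPLE-ADMIN-KEY
admin.secret = EXAMPLE-ADMIN-SECRET-VALUE==
"""
SAMPLE_LOG = [
    "2016-11-10 12:00:00 [info] constructed line carrying EXAMPLE-ADMIN-SECRET-VALUE== inside",
    "2016-11-10 12:00:01 [info] constructed line without the secret",
]


def load_admin_secret(conf_text):
    """Return the admin.secret value from riak-cs.conf text, or None."""
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip commented-out settings
        match = CONF_LINE.match(line)
        if match:
            return match.group(1)
    return None


def redact(line, secrets, mask="[REDACTED]"):
    """Replace every occurrence of each known secret value in one log line."""
    # Longest first, so a secret that contains another one is masked whole.
    for secret in sorted((s for s in secrets if s), key=len, reverse=True):
        line = line.replace(secret, mask)
    return line


def filter_stream(lines, conf_text):
    """Redact the admin secret from log lines before they are shipped."""
    secret = load_admin_secret(conf_text)
    if secret is None:
        # Fail closed: do not forward unfiltered logs if the secret is unknown.
        raise ValueError("admin.secret not found; refusing to forward logs")
    return [redact(line, [secret]) for line in lines]


if __name__ == "__main__":
    for out in filter_stream(SAMPLE_LOG, SAMPLE_CONF):
        print(out)
```

Matching on the value only catches the secret exactly as it is written in the configuration file; an encoded or truncated form of it would pass through unchanged.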