Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-25975

Bamboo Agent installer prints the Security token after installation

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 9.2.22, 9.6.10, 10.2.1
    • 9.2.21, 9.6.9, 10.1.1
    • Agents, Docker
    • None

      Issue Summary

      The Bamboo Agent installer prints the BAMBOO_SECURITY_TOKEN to the standard output after the Agent is installed.

      This is reproducible on Data Center:

      Steps to Reproduce

      1. Install a Bamboo Remote Agent and specify a Security Token
      2. Observe the logs on the screen

      Expected Results

      No signs of the Security token should have been printed on the screen. This is desired in environments such as "Dockerized" or automated systems where the Security Token is the "sign on" method of every Agent and that string should not be exposed in any logs at the risk os misuse.

      Actual Results

      The BAMBOO_SECURITY_TOKEN is visible:

      Installing agent wrapper
Installing file: /generic/conf/wrapper-license.conf to: /var/atlassian/application-data/bamboo-agent/conf/wrapper-license.conf
Installing file: /generic/lib/wrapper.jar to: /var/atlassian/application-data/bamboo-agent/lib/wrapper.jar
Installing file: /arch/linux/arm64/wrapper to: /var/atlassian/application-data/bamboo-agent/bin/wrapper
Installing file: /arch/linux/arm64/libwrapper.so to: /var/atlassian/application-data/bamboo-agent/lib/libwrapper.so
Installing file: /generic/bin/bamboo-agent.sh to: /var/atlassian/application-data/bamboo-agent/bin/bamboo-agent.sh
Installing file: /generic/lib/bamboo-agent-bootstrap-jar-with-dependencies.jar to: /var/atlassian/application-data/bamboo-agent/lib/bamboo-agent-bootstrap.jar
Unzipping /classpath.zip to /var/atlassian/application-data/bamboo-agent/classpath
Could not find source file /classpath.zip
Agent installed
KUBE_NUM_EXTRA_CONTAINERS: 0
SHLVL: 0
SHELL: /bin/bash
TZ: Australia/Sydney
...
BAMBOO_SECURITY_TOKEN: f3a51f98c77569125538180c8107a89060e1be29     <<<<<<< HERE
...
HOSTNAME: d_bamboo1002_agent1
...
Running [/var/atlassian/application-data/bamboo-agent/bin/bamboo-agent.sh, console]
Agent process started, shutdown hook registered, proceeding with log pump...
Running Bamboo Agent...

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              73868399605e Eduardo Alvarenga
              73868399605e Eduardo Alvarenga
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: