Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minimize or remove examples which show --password flag #565

Open
rodrigc opened this issue Feb 7, 2023 · 1 comment
Open

Minimize or remove examples which show --password flag #565

rodrigc opened this issue Feb 7, 2023 · 1 comment
Assignees
@codegangsta @bruth

Comments

@rodrigc
Copy link
Contributor

rodrigc commented Feb 7, 2023

From this page: JetStream Troubleshooting

If I click on various links to get more information about commands to use for troubleshooting JetStream,
there are a few pages where examples are given where --password s3cr3t is specified.
While this is functionally correct, it is not optimal from a security perspective to display the unencrypted password.

This is one example:
Viewing Cluster State

I would recommend that examples like this be changed to not illustrate specifying the password via --password.
Specifying via NATS_PASSWORD or nats context are slightly better from a security standpoint.
@rodrigc
Copy link
Contributor Author

rodrigc commented Feb 7, 2023

See also: nats-io/natscli#696

@rodrigc rodrigc mentioned this issue Feb 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codegangsta codegangsta

@bruth bruth

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@codegangsta @bruth @rodrigc