A version of cloud-init containing this fix was published to Ubuntu
Focal (20.04) cloud-init 20.1-9-g1f860e5a-0ubuntu1.
If this is still a problem for you, please re-open this bug or submit a new bug
with related context.
** Changed in: cloud-init
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1865947
Title:
Write redacted metadata to /run/cloud-init/instance-data.json
Status in cloud-init:
Fix Released
Bug description:
Cloud-init persists world-readable instance metadata in /run/cloud-
init/instance-data.json and a read-only root /run/cloud-init/instance-
data-sensitive.json.
Cloud-init has a facility whereby clouds could defined a via
sensitive_metadata_keys list as a class attribute in the platform's
supported DataSource subclass.
No clouds are redacting metadata using this mechanism currently.
When cloud-init persists instannce-data.json it should write the
redacted content to the world-readable /run/cloud-init/instance-
data.json and unredacted content to root read-only /run/cloud-init
/instance-data-sensitive.json.
It currently writes the wrong content to each file. No clouds
currently are exposed to this bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1865947/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
