Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Hide credentials of pbm-agent when starting manually on proctitle

Description

When starting pbm-agent manually from the binary version, we specify the mongodb-uri with the credentials.

$ nohup pbm-agent --mongodb-uri="mongodb://pbmuser:secretpwd@localhost:29093/?replSetName=replset&authenticationDatabase=admin" > pbm-agent-3-1.log 2>&1 &

These credentials are visible when doing ps command:

 

$ ps -ef | grep pbm-agen| grep 2909 vinodh.+ 18163 41022  0 03:38 pts/0    00:01:05 pbm-agent --mongodb-uri=mongodb://pbmuser:secretpwd@localhost:29091/?replSetName=replset&authenticationDatabase=admin vinodh.+ 43742 41022  0 03:27 pts/0    00:01:06 pbm-agent --mongodb-uri=mongodb://pbmuser:secretpwd@localhost:29092/?replSetName=replset&authenticationDatabase=admin vinodh.+ 44192 41022  0 03:27 pts/0    00:01:14 pbm-agent --mongodb-uri=mongodb://pbmuser:secretpwd@localhost:29093/?replSetName=replset&authenticationDatabase=admin

 

 

Need to work to hide these credentials when doing ps command (proctitle). This is reasonable request for security

Environment

None

AFFECTED CS IDs

CS0018383

Smart Checklist

Activity

Show:

Akira Kurogane June 1, 2021 at 9:47 AM

Hi Vinodh.

This ticket would be a duplicate of https://perconadev.atlassian.net/browse/PBM-403#icft=PBM-403. So I'll close it as a duplicate of that.

But as I do that I will simultaneously advise that using a environment variable that sets PBM_MONGODB_URI, sourced from 400 or 600 permissions file owned by the user that needs it, is a solid way to avoid leaking password credentials like this and that is what I recommend.

 

Duplicate

Details

Assignee

Reporter

Priority

Smart Checklist

Created May 31, 2021 at 12:30 PM
Updated March 5, 2024 at 7:02 PM
Resolved June 1, 2021 at 9:48 AM

Flag notifications