[p11_crypto_plugin] login should be secret

... because the option accepts password to login to PKCS11 session. Change-Id: Ide5ffb33aa8ac640f7a3b552d577d4c820565402 (cherry picked from commit 0b649011d9)
2024-03-29 16:46:23 +09:00 · 2024-03-29 16:46:23 +09:00 · 2d0655c324
parent d93b814997
commit 2d0655c324
2 changed files with 2 additions and 2 deletions
--- a/manifests/plugins/p11_crypto.pp
+++ b/manifests/plugins/p11_crypto.pp
@ -88,7 +88,7 @@ class barbican::plugins::p11_crypto (

  barbican_config {
    'p11_crypto_plugin/library_path':             value => $p11_crypto_plugin_library_path;
-    'p11_crypto_plugin/login':                    value => $p11_crypto_plugin_login;
+    'p11_crypto_plugin/login':                    value => $p11_crypto_plugin_login, secret => true;
    'p11_crypto_plugin/mkek_label':               value => $p11_crypto_plugin_mkek_label;
    'p11_crypto_plugin/mkek_length':              value => $p11_crypto_plugin_mkek_length;
    'p11_crypto_plugin/hmac_label':               value => $p11_crypto_plugin_hmac_label;
--- a/spec/classes/barbican_plugins_p11_crypto_spec.rb
+++ b/spec/classes/barbican_plugins_p11_crypto_spec.rb
@ -45,7 +45,7 @@ describe 'barbican::plugins::p11_crypto' do

      it 'is_expected.to set p11 parameters' do
        is_expected.to contain_barbican_config('p11_crypto_plugin/login') \
-          .with_value(params[:p11_crypto_plugin_login])
+          .with_value(params[:p11_crypto_plugin_login]).with_secret(true)
        is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \
          .with_value(params[:p11_crypto_plugin_mkek_label])
        is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \