This bug was originally filed in Launchpad as LP: #1981646
Launchpad details
affected_projects = ['netplan']
assignee = None
assignee_name = None
date_closed = 2023-05-02T07:34:58.316885+00:00
date_created = 2022-07-13T22:43:29.440310+00:00
date_fix_committed = 2023-05-02T07:34:58.316885+00:00
date_fix_released = 2023-05-02T07:34:58.316885+00:00
id = 1981646
importance = low
is_complete = True
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1981646
milestone = None
owner = chad.smith
owner_name = Chad Smith
private = False
status = fix_released
submitter = chad.smith
submitter_name = Chad Smith
tags = ['fr-2562']
duplicates = []
Launchpad user Chad Smith(chad.smith) wrote on 2022-07-13T22:43:29.440310+00:00
https://netplan.io/reference/ supports wifi password and auto client-key-password keys which should generally not be world-readable.
But, when rendering passthrough V2 network configuration, cloud-init emits a single /etc/netplan/50-cloud-init.yaml file that is world readable.
If network v2 config contains sensitive password keys it may make sense for cloud-init to either:
- Make /etc/netplan/50-cloud-init.yaml only root-readable
- Write a world-readable /etc/netplan/50-cloud-init.yaml containing all keys except wifis and auth and a root-readable /etc/netplan/50-cloud-init-sensitive.yaml which would contain any security sensitive config content.
This bug was originally filed in Launchpad as LP: #1981646
Launchpad details
Launchpad user Chad Smith(chad.smith) wrote on 2022-07-13T22:43:29.440310+00:00
https://netplan.io/reference/ supports wifi password and auto client-key-password keys which should generally not be world-readable.
But, when rendering passthrough V2 network configuration, cloud-init emits a single /etc/netplan/50-cloud-init.yaml file that is world readable.
If network v2 config contains sensitive password keys it may make sense for cloud-init to either: