Data Sources | passwords in clear-text #8728

New Issue

Closed

opened 2025-12-29 20:40:26 +01:00 by adam · 3 comments

adam commented 2025-12-29 20:40:26 +01:00

Owner

Copy Link

Originally created by @teixemf on GitHub (Oct 7, 2023).

NetBox version

v3.6.3

Python version

3.11

Steps to Reproduce

1. Add a new Data Source
2. Select Type: Git || Amazon S3
3. Input the Password if Type Git || input the AWS secret access key if Type Amazon S3
4. Save
5. Edit the newly added Git || Amazon S3 Data Source
6. Save
7. Go to the Data Sources main page showing the all Data Sources table
8. Configure the table to show the column Parameters

Expected Behavior

3. While typing the password/AWS secret access key the characters should be masked
4. After saving, one can see the password/AWS secret access key in clear-text on the Backend card
5. The password/AWS secret access key should be masked
6. The password/AWS secret access key should be masked while shown on the Parameters column

Observed Behavior

3. While typing the password/AWS secret access key the characters appear in clear-text

4. After saving, one can see the password/AWS secret access key in clear-text on the Backend card

5. The password/AWS secret access key should be masked

8. The password/AWS secret access key should be masked while shown on the Parameters column

Originally created by @teixemf on GitHub (Oct 7, 2023). ### NetBox version v3.6.3 ### Python version 3.11 ### Steps to Reproduce 1. Add a new _Data Source_ 2. Select Type: _Git_ || _Amazon S3_ 3. Input the _Password_ if Type _Git_ || input the _AWS secret access key_ if Type _Amazon S3_ 4. Save 5. Edit the newly added _Git_ || _Amazon S3_ Data Source 6. Save 7. Go to the Data Sources main page showing the all Data Sources table 8. Configure the table to show the column _Parameters_ ### Expected Behavior 3. While typing the _password/AWS secret access key_ the characters should be masked 4. After saving, one can see the _password/AWS secret access key_ in clear-text on the Backend card 5. The _password/AWS secret access key_ should be masked 8. The _password/AWS secret access key_ should be masked while shown on the _Parameters_ column ### Observed Behavior 3. While typing the _password/AWS secret access key_ the characters appear in clear-text 4. After saving, one can see the _password/AWS secret access key_ in clear-text on the Backend card   5. The _password/AWS secret access key_ should be masked   8. The _password/AWS secret access key_ should be masked while shown on the _Parameters_ column 

adam closed this issue 2025-12-29 20:40:26 +01:00

adam commented 2025-12-29 20:40:27 +01:00

Author

Owner

Copy Link

@abhi1693 commented on GitHub (Oct 7, 2023):

I don't think this is a bug. This is somewhat related to #13304, I suspect you are someone with edit access if you are able to view the sensitive parameters as plain text. Moreover, as per #12625 the functionality was requested only for detail object view.

There are other issues I see with this report

1. You mentioned that the field should display a masked value while typing in the dit form, but that's a standard char field. I don't believe we currently have a password field in the core so not a bug but can be implemented.
2. Your expected behaviour is to mask the results irrespective of the permission you own, which is essentially a request to change the current behaviour implemented in #12625. So, this is a workflow change rather than a bug also.
3. You have also asked to mask the values in the table and shown as a bug but this was never implemented as a feature and doesn't even mention this in the documentation.
   I would reclassify this as a feature request instead as this was never released as a core feature.

@abhi1693 commented on GitHub (Oct 7, 2023): I don't think this is a bug. This is somewhat related to #13304, I suspect you are someone with edit access if you are able to view the sensitive parameters as plain text. Moreover, as per #12625 the functionality was requested only for detail object view. There are other issues I see with this report 1. You mentioned that the field should display a masked value while typing in the dit form, but that's a standard char field. I don't believe we currently have a password field in the core so not a bug but can be implemented. 2. Your expected behaviour is to mask the results irrespective of the permission you own, which is essentially a request to change the current behaviour implemented in #12625. So, this is a workflow change rather than a bug also. 3. You have also asked to mask the values in the table and shown as a bug but this was never implemented as a feature and doesn't even mention this in the documentation. I would reclassify this as a feature request instead as this was never released as a core feature.

adam commented 2025-12-29 20:40:28 +01:00

Author

Owner

Copy Link

@teixemf commented on GitHub (Oct 8, 2023):

I don't argue if it can be considered feature request.
I only reported it as a bug based on the behavior of the User form.

In the User form there is also a Password field and that one appears to deal with the password sensitivity correctly.
While adding a password It masks the chars while typing, and it has a field for password input confirmation.
When editing, the password doesn't show up on the screen and it is not rendered in the HTML code.

Bullet 1. appears to be implemented already on the User form:
4286c1cde2/netbox/users/forms/model_forms.py (L166C1-L177C6)

Bullet 2. appears also to be implemented on the User form. No user can see my password. Not even my user. The User can only change it.

Bullet 3. relates to https://github.com/netbox-community/netbox/issues/13729

@teixemf commented on GitHub (Oct 8, 2023): I don't argue if it can be considered feature request. I only reported it as a bug based on the behavior of the User form. In the User form there is also a Password field and that one appears to deal with the password sensitivity correctly. While adding a password It masks the chars while typing, and it has a field for password input confirmation. When editing, the password doesn't show up on the screen and it is not rendered in the HTML code. Bullet 1. appears to be implemented already on the User form: https://github.com/netbox-community/netbox/blob/4286c1cde255a9bf146b3b192e1ac17566af0094/netbox/users/forms/model_forms.py#L166C1-L177C6 Bullet 2. appears also to be implemented on the User form. No user can see my password. Not even my user. The User can only change it. Bullet 3. relates to https://github.com/netbox-community/netbox/issues/13729

adam commented 2025-12-29 20:40:28 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Oct 13, 2023):

I agree with @abhi1693 that none of the behavior mentioned here deviates from expected operation. While I appreciate the need to treat certain data as sensitive, there is a competing need to make it available to enable certain operations and troubleshooting.

@teixemf if you would like to propose a mechanism for omitting potentially sensitive data from the changelog, please submit a feature request detailing both your proposed implementation as well as consideration of the constraints it would impose. Further, if you would like to propose changes to any of the form fields, please submit a separate FR for those.

@jeremystretch commented on GitHub (Oct 13, 2023): I agree with @abhi1693 that none of the behavior mentioned here deviates from expected operation. While I appreciate the need to treat certain data as sensitive, there is a competing need to make it available to enable certain operations and troubleshooting. @teixemf if you would like to propose a mechanism for omitting potentially sensitive data from the changelog, please submit a feature request detailing both your proposed implementation as well as consideration of the constraints it would impose. Further, if you would like to propose changes to any of the form fields, please submit a separate FR for those.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#8728