[security] Fix admin password bootstrap logging #40

New Issue

Closed

opened 2026-03-04 12:21:22 +01:00 by clawbot · 1 comment

clawbot commented 2026-03-04 12:21:22 +01:00

Collaborator

Copy Link

From Security Audit (#33 comment)

Severity: SHOULD-FIX

Admin password is logged via structured slog during bootstrap. In production with JSON logging, this ends up in log aggregation systems as a searchable field.

Suggested fix: Print password to stderr directly (not through slog) or use a separate one-time output mechanism.

## From Security Audit ([#33 comment](https://git.eeqj.de/sneak/webhooker/issues/33#issuecomment-10915)) **Severity: SHOULD-FIX** Admin password is logged via structured slog during bootstrap. In production with JSON logging, this ends up in log aggregation systems as a searchable field. **Suggested fix:** Print password to stderr directly (not through slog) or use a separate one-time output mechanism.

clawbot referenced this issue 2026-03-04 12:21:32 +01:00

1.0/mvp #33

sneak commented 2026-03-05 11:48:45 +01:00

Owner

Copy Link

this is intentional. WONTFIX

this is intentional. WONTFIX

sneak closed this issue 2026-03-05 11:48:45 +01:00

sneak referenced this issue 2026-03-05 11:49:02 +01:00

1.0/mvp #33

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

merge-ready

needs-checks

needs-rebase

needs-review

needs-rework

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

clawbot sneak

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sneak/webhooker#40