This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cap_nitesh
Level 3
‎Feb 26, 2024 04:52 AM

logs display sensitive information

I am facing issue related to log file is displaying sensitive information . we are using installshild .
when i am calling msiexe.exe from powersell .
like that
start-process "msiexec.exe" -Verb RunAs -arg "/i $BuildPath\main.msi /quiet /lvoicewarmupx `"$applicationInstallLogFilePath`" ISSETUPDRIVEN=1 /qn SHA_HOST=`"$remoteHost`" SHA_PORT=`"$remotePort`" SHA_USERNAME=`"$remoteUser`" IS_KEY_FILE=`"$remoteKeyFile`" SHA_PASSWORD=`"$plainRemotePassword`" SHA_KEY_PATH=`"$remoteKeyFilePath`" SQL_HOSTNAME=`"$sqlServer`" SQL_PORT=`"$sqlPort`" IS_SQLSERVER_USERNAME=`"$sqlUser`" IS_SQLSERVER_PASSWORD=`"$plainSqlPassword`"

these all information is displaying in logs like that
"HOST_NAME=\"bctadmin@tf-sfd.com\" SCRIPTS_ARCHIVE_NAME=\"integrationscripts\" SCRIPTS_ARCHIVE_COPY_DRIVE=\"./\" SHA_PORT=\"22\" SHA_KEY_PATH=\"C:\Users\Olt\.ssh\id_ed25519\" IS_CONNECT_EXIST_DATABASE=\"0\" SHA_PASSWORD=\"tsdU\" IS_KEY_FILE=\"1\" LOG_FILE_PATH=\"C:\Users\Oly\Downloads\Logs\02-14-2024 111458\SetupLog.log\" ISSETUPDRIVEN=\"1\"
i want to hide all the sensitive information.
can anyone suggest me a way how we can hide such information in logs.

Labels (1)
Labels
0 Kudos
(3) Replies
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator
‎Feb 26, 2024 05:01 AM

Take a look at the MsiHiddenProperties property.
Simply add the property name you wish to hide in the log to prevent it being written in the log:

https://learn.microsoft.com/en-us/windows/win32/msi/msihiddenproperties 

 

1. In the View List under Behavior and Logic, click Property Manager.

2. In the Name column, find the MsiHiddenProperties property.
If this property is not listed, click the New Property button to create this property, and in the Name column, enter MsiHiddenProperties.

3. In the Value column, enter the name of the property that you want to be hidden. To list more than one property, separate each with a semicolon (;).

 

0 Kudos
cap_nitesh
Level 3
In response to shunt
‎Feb 26, 2024 05:04 AM

Thanks for your replay

yes we done same work but when passing same parameter from powershell that is showing in logs like that
"HOST_NAME=\"bctadmin@tf-sfd.com\" SCRIPTS_ARCHIVE_NAME=\"integrationscripts\" SCRIPTS_ARCHIVE_COPY_DRIVE=\"./\" SHA_PORT=\"22\" SHA_KEY_PATH=\"C:\Users\Olt\.ssh\id_ed25519\" IS_CONNECT_EXIST_DATABASE=\"0\" SHA_PASSWORD=\"tsdU\" IS_KEY_FILE=\"1\" LOG_FILE_PATH=\"C:\Users\Oly\Downloads\Logs\02-14-2024 111458\SetupLog.log\" ISSETUPDRIVEN=\"1\"
we need to hide that value from logs


0 Kudos
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator
In response to cap_nitesh
‎Feb 26, 2024 07:28 AM

That Microsoft article suggests to check the debug system policy - as avalue of 7 will cause information written on a command line to be written into the log even if they have been added to MsiHiddenProperties

Some other suggestions from Microsoft can be found here:

https://learn.microsoft.com/en-us/windows/win32/msi/preventing-confidential-information-from-being-written-into-the-log-file

0 Kudos