cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cap_nitesh
Level 2

logs display sensitive information

I am facing issue related to log file is displaying sensitive information . we are using installshild .
when i am calling msiexe.exe from powersell .
like that
start-process "msiexec.exe" -Verb RunAs -arg "/i $BuildPath\main.msi /quiet /lvoicewarmupx `"$applicationInstallLogFilePath`" ISSETUPDRIVEN=1 /qn SHA_HOST=`"$remoteHost`" SHA_PORT=`"$remotePort`" SHA_USERNAME=`"$remoteUser`" IS_KEY_FILE=`"$remoteKeyFile`" SHA_PASSWORD=`"$plainRemotePassword`" SHA_KEY_PATH=`"$remoteKeyFilePath`" SQL_HOSTNAME=`"$sqlServer`" SQL_PORT=`"$sqlPort`" IS_SQLSERVER_USERNAME=`"$sqlUser`" IS_SQLSERVER_PASSWORD=`"$plainSqlPassword`"

these all information is displaying in logs like that
"HOST_NAME=\"bctadmin@tf-sfd.com\" SCRIPTS_ARCHIVE_NAME=\"integrationscripts\" SCRIPTS_ARCHIVE_COPY_DRIVE=\"./\" SHA_PORT=\"22\" SHA_KEY_PATH=\"C:\Users\Olt\.ssh\id_ed25519\" IS_CONNECT_EXIST_DATABASE=\"0\" SHA_PASSWORD=\"tsdU\" IS_KEY_FILE=\"1\" LOG_FILE_PATH=\"C:\Users\Oly\Downloads\Logs\02-14-2024 111458\SetupLog.log\" ISSETUPDRIVEN=\"1\"
i want to hide all the sensitive information.
can anyone suggest me a way how we can hide such information in logs.

Labels (1)
0 Kudos
(3) Replies
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator

Take a look at the MsiHiddenProperties property.
Simply add the property name you wish to hide in the log to prevent it being written in the log:

https://learn.microsoft.com/en-us/windows/win32/msi/msihiddenproperties 

 

1. In the View List under Behavior and Logic, click Property Manager.

2. In the Name column, find the MsiHiddenProperties property.
If this property is not listed, click the New Property button to create this property, and in the Name column, enter MsiHiddenProperties.

3. In the Value column, enter the name of the property that you want to be hidden. To list more than one property, separate each with a semicolon (;).

 

0 Kudos

Thanks for your replay

yes we done same work but when passing same parameter from powershell that is showing in logs like that
"HOST_NAME=\"bctadmin@tf-sfd.com\" SCRIPTS_ARCHIVE_NAME=\"integrationscripts\" SCRIPTS_ARCHIVE_COPY_DRIVE=\"./\" SHA_PORT=\"22\" SHA_KEY_PATH=\"C:\Users\Olt\.ssh\id_ed25519\" IS_CONNECT_EXIST_DATABASE=\"0\" SHA_PASSWORD=\"tsdU\" IS_KEY_FILE=\"1\" LOG_FILE_PATH=\"C:\Users\Oly\Downloads\Logs\02-14-2024 111458\SetupLog.log\" ISSETUPDRIVEN=\"1\"
we need to hide that value from logs


0 Kudos
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator

That Microsoft article suggests to check the debug system policy - as avalue of 7 will cause information written on a command line to be written into the log even if they have been added to MsiHiddenProperties

Some other suggestions from Microsoft can be found here:

https://learn.microsoft.com/en-us/windows/win32/msi/preventing-confidential-information-from-being-written-into-the-log-file

0 Kudos