From e68270d58cd298a73b316dd6fc1eeaa54f5dbdfb Mon Sep 17 00:00:00 2001
From: Marco Fargetta <mfargett@redhat.com>
Date: Mon, 30 Oct 2023 11:52:31 +0100
Subject: [PATCH] Remove token password from destroy logs

In case of failure of the `sslget` command, during `pkidestroy`, the log will contain the full list of option including the token password.
This has been obfuscated before the failure is logged.

Solve RHCS-4547
---
 base/server/python/pki/server/deployment/pkihelper.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 2018f7435ca..5c02423480d 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2454,6 +2454,7 @@ def update_domain_using_agent_port(
             logger.warning(
                 log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
                 secname)
+            exc.cmd[4] = "******"
             logger.error(log.PKI_SUBPROCESS_ERROR_1, exc)
             if critical_failure:
                 raise