API password in clear text in container log

[RobMcRob24]

This is a: BUG

Details

Related Issues

• I have searched this repository/Pi-hole forums for existing issues and pull requests that look similar

How to reproduce the issue

1. Environment data

• Operating System: Docker container on Synology NAS ds922+
• Hardware: Synology NAS
• Kernel Architecture: Linux ds922 4.4.302+ #64570 SMP Thu Jul 20 00:06:38 CST 2023 x86_64 GNU/Linux synology_geminilake_920+
• Docker Install Info and version: Synology docker package, portainer
• Hardware architecture: x86_64

2. portainer stack content

version: '2' # version 2 is necessary. v3 does not support ipam

services:
 pihole:
   container_name: pihole6
   image: pihole/pihole:development-v6
   hostname: pihole
   networks:
     pi:
       ipv4_address: 192.168.24.199
   cap_add:
     - NET_ADMIN # add if using DHCP in pihole
   volumes:
     - "/volume2/docker/pihole6/pihole/:/etc/pihole/"
     - "/volume2/docker/pihole6/log/:/var/log/pihole/"
   dns:
     - 8.8.8.8
     - 8.8.4.4
   ports:
     - 53:53/tcp
     - 53:53/udp
     - 67:67/udp
     - 80:80/tcp
     - 443:443/tcp
   environment:
     TZ: Europe/Berlin
     ServerIP: 192.168.24.199
     FTLCONF_webserver_api_password: xxxxxx
     FTLCONF_dns_upstreams: "8.8.8.8;8.8.4.4"
     SKIPGRAVITYONBOOT: 1
     DNSMASQ_USER: root
     PIHOLE_UID: 1026
     PIHOLE_GID: 100
   restart: unless-stopped

networks:
 pi:
  external: true
  name: syn_macvlan

container logfile content from current restart:

2023-10-31T17:27:56.442843772Z 2023-10-31 18:27:56.442 [172M] INFO: PID of FTL process: 172
2023-10-31T17:27:56.443437182Z 2023-10-31 18:27:56.443 [172M] INFO: Database version is 16
2023-10-31T17:27:56.443653813Z 2023-10-31 18:27:56.443 [172M] INFO: Database successfully initialized
2023-10-31T17:27:57.184595991Z 2023-10-31 18:27:57.184 [172M] INFO: Imported 43977 queries from the on-disk database (it has 470541 rows)
2023-10-31T17:27:57.184974592Z 2023-10-31 18:27:57.184 [172M] INFO: Parsing queries in database
2023-10-31T17:27:57.254078147Z 2023-10-31 18:27:57.253 [172M] INFO:   10000 queries parsed...
2023-10-31T17:27:57.312074946Z 2023-10-31 18:27:57.311 [172M] INFO:   20000 queries parsed...
2023-10-31T17:27:57.377185445Z 2023-10-31 18:27:57.376 [172M] INFO:   30000 queries parsed...
2023-10-31T17:27:57.455441374Z 2023-10-31 18:27:57.455 [172M] INFO:   40000 queries parsed...
2023-10-31T17:27:57.481113190Z 2023-10-31 18:27:57.480 [172M] INFO: Imported 43976 queries from the long-term database
2023-10-31T17:27:57.481644125Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Total DNS queries: 43976
2023-10-31T17:27:57.481696719Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Cached DNS queries: 24523
2023-10-31T17:27:57.481735838Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Forwarded DNS queries: 10483
2023-10-31T17:27:57.481769148Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Blocked DNS queries: 8849
2023-10-31T17:27:57.481813035Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Unknown DNS queries: 0
2023-10-31T17:27:57.481848806Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Unique domains: 1727
2023-10-31T17:27:57.481881910Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Unique clients: 34
2023-10-31T17:27:57.481918204Z 2023-10-31 18:27:57.481 [172M] INFO:  -> Known forward destinations: 3
2023-10-31T17:27:57.482603757Z 2023-10-31 18:27:57.482 [172M] INFO: listening on 0.0.0.0 port 53
2023-10-31T17:27:57.482662864Z 2023-10-31 18:27:57.482 [172M] INFO: listening on :: port 53
2023-10-31T17:27:57.483665854Z 2023-10-31 18:27:57.483 [172M] INFO: PID of FTL process: 172
2023-10-31T17:27:57.483731835Z 2023-10-31 18:27:57.483 [172M] INFO: FTL is running as root
2023-10-31T17:27:57.483899255Z 2023-10-31 18:27:57.483 [172M] INFO: Using SSL/TLS certificate file /etc/pihole/tls.pem
2023-10-31T17:27:57.501584844Z 2023-10-31 18:27:57.501 [172M] INFO: Restored 0 API sessions from the database
2023-10-31T17:27:57.516317135Z 2023-10-31 18:27:57.516 [172M] INFO: Blocking status is enabled
2023-10-31T17:27:57.667103473Z 2023-10-31 18:27:57.666 [172/T173] INFO: Compiled 1 allow and 0 deny regex for 34 clients in 49.6 msec
2023-10-31T17:28:20.468807071Z 2023-10-31 18:28:20.468 [172/T178] INFO: Password: "xxxxxx"
2023-10-31T17:28:58.755256713Z 2023-10-31 18:28:58.754 [172/T173] INFO: Compiled 1 allow and 0 deny regex for 34 clients in 47.8 msec
2023-10-31T17:29:04.419864724Z 2023-10-31 18:29:04.419 [172/T173] INFO: Compiled 1 allow and 0 deny regex for 34 clients in 48.9 msec

During every logon to pihole webpage the password is written i clear text in the container log file.

These common fixes didn't work for my issue

• I have tried removing/destroying my container, and re-creating a new container
• I have tried fresh volume data by backing up and moving/removing the old volume data
• I have tried running the stock docker run example(s) in the readme (removing any customizations I added)
• I have tried a newer or older version of Docker Pi-hole (depending what version the issue started in for me)
• I have tried running without my volume data mounts to eliminate volumes as the cause

[DL6ER]

Thanks for your report and sorry for the issue in the first place. Will be fixed by #1720