Am I Affected?
You are affected if you use the nixpkgs package kanidmWithSecretProvisioning and have provisioned the admin or idm_admin credentials via secret provisioning. This is the case if you have enabled the NixOS module option services.kanidm.provision.enable and used either services.kanidm.provision.adminPasswordFile or services.kanidm.provision.idmAdminPasswordFile.
Impact
The provisioned admin credentials are leaked into the system logs.
Patches
The issue has been fixed in oddlama/kanidm-provision v1.2.0.
The corresponding patchsets in nixpkgs have been updated in:
- NixOS unstable: https://github.com/NixOS/nixpkgs/pull/392031 (PR progress tracker)
- NixOS 24.11: https://github.com/NixOS/nixpkgs/pull/392339 (PR progress tracker)