Weak Obfuscation in newrelic-cli/internal/agent/obfuscate/utils.go

[timosarkar]

Hi All,

In this file, you define the obfuscation mechanism used in the subcommand newrelic agent config obfuscate. From my understanding you can generate obfuscated credentials through this and then use them in your newrelic environment. But exposing such obfuscated strings can leave you exposed since this cli is opensource and anybody can easily reverse it.

newrelic-cli/internal/agent/obfuscate/utils.go

Line 14 in 78fc872

func StringWithKey(textToObfuscate string, encodingKey string) string {

I would suggest to use a proper encryption algorithm instead of just obfuscating values.