CloudConfigurationManager.GetSetting exposes configuration setting values to tracing/logging (and is quite verbose)

[sopelt]

CloudConfigurationManager.GetSetting should be used to retrieve settings from app.config as well as Azure cscfgs in a transparent fashion (especially useful when deploying to websites and cloud services).
The internal implementation (i.e. AzureApplicationSettings.GetValue) logs (via Trace.WriteLine) if the setting has been found or not using a certain configuration mechanism. This logging cannot be prevented which makes the output quite verbose which is unwanted (as discussed here and here).

My main concern is that it also logs the actual setting value. This is a potential security issue as data like blob or SQL connection strings may be written to diagnostics storage or other trace listeners.

#653

[markcowl]

@bradygaster please assign for triage

[mleyb]

As of nuget package v2.0.3 this is still an issue for me - has this fix been released yet?

[sopelt]

@mleyb, I am afraid the last configuration manager release (2.0.3 - the one you are using) is from 2013 and predates my change. We are still using our own drop-in CloudConfigurationManager for that reason. I will try to find out who might be able to answer if and when there might be a new release.

[mleyb]

Are you planning to push out a new nuget package with this fix in any time soon?

[hovsepm]

Fixed in version 3.0.0. Please update Microsoft Azure Configuration Manager nuget package.

[mleyb]

Amazing news! Thanks a lot 👍

[mleyb]

....hang on a minute - this doesn't seem to work at all with Azure SDK v2.5 when running a simple worker role in the emulator, or in Azure. I just get null values for cloud service settings??? app.config seems to work OK but not the service settings

[malixsys]

How do we turn off tracing for CloudConfigurationManager all together?