PKI Deployment Scriptlets

* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .

1 files changed, 5 insertions, 4 deletions

diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index 8364d9519..73919ce5a 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -22,6 +22,7 @@
 # PKI Deployment Imports
 import pkiconfig as config
 from pkiconfig import pki_master_dict as master
+from pkiconfig import pki_sensitive_dict as sensitive
 import pkihelper as util
 import pkimessages as log
 import pkiscriptlet
@@ -37,14 +38,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         if not config.pki_dry_run_flag:
             util.password.create_password_conf(
                 master['pki_shared_password_conf'],
-                master['pki_pin'])
+                sensitive['pki_pin'])
             # Since 'certutil' does NOT strip the 'token=' portion of
             # the 'token=password' entries, create a temporary server 'pfile'
             # which ONLY contains the 'password' for the purposes of
             # allowing 'certutil' to generate the security databases
             util.password.create_password_conf(
                 master['pki_shared_pfile'],
-                master['pki_pin'], pin_sans_token=True)
+                sensitive['pki_pin'], pin_sans_token=True)
             util.file.modify(master['pki_shared_password_conf'])
             util.certutil.create_security_databases(
                 master['pki_database_path'],
@@ -91,14 +92,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         else:
             util.password.create_password_conf(
                 master['pki_shared_password_conf'],
-                master['pki_pin'])
+                sensitive['pki_pin'])
             # Since 'certutil' does NOT strip the 'token=' portion of
             # the 'token=password' entries, create a temporary server 'pfile'
             # which ONLY contains the 'password' for the purposes of
             # allowing 'certutil' to generate the security databases
             util.password.create_password_conf(
                 master['pki_shared_pfile'],
-                master['pki_pin'], pin_sans_token=True)
+                sensitive['pki_pin'], pin_sans_token=True)
             util.certutil.create_security_databases(
                 master['pki_database_path'],
                 master['pki_cert_database'],