From 9ded63d4f7c2632c57e8803d3f3e96983b23b72c Mon Sep 17 00:00:00 2001
From: "Gareth J. Greenaway"
Date: Wed, 17 Aug 2022 11:36:08 -0700
Subject: [PATCH 1/2] Removing unneccessary loggint that could display sensitive data. Mask additional password related keys.
---
 salt/renderers/yaml.py | 1 -
 salt/roster/__init__.py | 1 -
 salt/roster/dir.py | 2 +-
 salt/roster/flat.py | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/salt/renderers/yaml.py b/salt/renderers/yaml.py
index 958ab6e6bf16..3c3e28d51067 100644
--- a/salt/renderers/yaml.py
+++ b/salt/renderers/yaml.py
@@ -76,7 +76,6 @@ def render(yaml_data, saltenv="base", sls="", argline="", **kws):
 )
 if not data:
 data = {}
- log.debug("Results of YAML rendering: \n%s", data)
 def _validate_data(data):
 """
diff --git a/salt/roster/__init__.py b/salt/roster/__init__.py
index b45afffd2457..fc7339d785bd 100644
--- a/salt/roster/__init__.py
+++ b/salt/roster/__init__.py
@@ -103,5 +103,4 @@ def targets(self, tgt, tgt_type):
 except OSError as exc:
 log.error("Can't access roster for backend %s: %s", back, exc)
- log.debug("Matched minions: %s", targets)
 return targets
diff --git a/salt/roster/dir.py b/salt/roster/dir.py
index 2e01f22b5992..b194f192fd0c 100644
--- a/salt/roster/dir.py
+++ b/salt/roster/dir.py
@@ -99,7 +99,7 @@ def _render(roster_file, **kwargs):
 __opts__["renderer"],
 __opts__["renderer_blacklist"],
 __opts__["renderer_whitelist"],
- mask_value="passw*",
+ mask_value="*passw*",
 **kwargs
 )
 result.setdefault("host", "{}.{}".format(os.path.basename(roster_file), domain))
diff --git a/salt/roster/flat.py b/salt/roster/flat.py
index 440b0e0073a8..599deaaf9455 100644
--- a/salt/roster/flat.py
+++ b/salt/roster/flat.py
@@ -26,7 +26,7 @@ def targets(tgt, tgt_type="glob", **kwargs):
 __opts__["renderer"],
 __opts__["renderer_blacklist"],
 __opts__["renderer_whitelist"],
- mask_value="passw*",
+ mask_value="*passw*",
 **kwargs
 )
 conditioned_raw = {}
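Review bot: In `salt/roster/dir.py` (`_render`) and `salt/roster/flat.py` (`targets`) masking still depends on a key-name glob, so `mask_value="*passw*"` only covers roster keys whose name contains `passw`; a secret stored under any other key name would presumably still be logged unmasked. The same literal now appears at both call sites, so a shared module-level constant would keep them from drifting, with a comment such as `# glob of roster keys whose values are masked before the rendered roster is logged`. How `mask_value` is matched (case sensitivity, one glob or several) is not visible in these hunks and should be confirmed. A regression test asserting that a prefixed key such as `priv_passwd` is masked would pin the behaviour this commit intends. Both enclosing functions start and end outside the hunks.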
From e3d181a1ed1b3e14995b038b735722d08650bcac Mon Sep 17 00:00:00 2001
From: "Gareth J. Greenaway"
Date: Wed, 17 Aug 2022 11:39:11 -0700
Subject: [PATCH 2/2] Adding changelog.
---
 changelog/62483.fixed | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog/62483.fixed
diff --git a/changelog/62483.fixed b/changelog/62483.fixed
new file mode 100644
index 000000000000..54201adde5d4
--- /dev/null
+++ b/changelog/62483.fixed
@@ -0,0 +1 @@
+Update sanitizing masking for Salt SSH to include additional password like strings.