Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redact potentially sensitive config keys from log messages #62

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Redact potentially sensitive config keys from log messages #62

wants to merge 6 commits into from

Conversation

NoxHarmonium
Copy link

As discussed in #61 I have created a whitelist of config values that are considered non-sensitive, and all others will be redacted with the string "****"

I noticed there was some other code that redacts the SASL password so I switched that to use the new redact function so everything is consistent.

I also have made some small changes to the CI pipeline as it was not building properly when trying to test the fork (and added some newer python versions).

Fixes #61, Fixes #60

@NoxHarmonium
Redact anything potentially sensitive from config logging
1152ab3 
- It might be overkill to redact a lot of the keys, but its probably better to be safe than sorry
@NoxHarmonium
Use consistent react function
c4962e6 
- I found another place where the password is getting redacted so I thought it might be good to use the same function to do it everywhere
@NoxHarmonium
Add some documentation to redact_config
021d77c
@NoxHarmonium
docker-compose is no longer its own binary
162ff49 
- It lives under docker
@NoxHarmonium
Test more python versions
07c7a53
@NoxHarmonium
Update test script to match CI
2892e89
NoxHarmonium
NoxHarmonium commented Nov 20, 2024
View reviewed changes
.github/workflows/tests.yml
@@ -11,15 +11,15 @@ jobs:

strategy:
matrix:
python-version: ["3.8", "3.9", "3.10"]
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
Copy link
Author

@NoxHarmonium NoxHarmonium Nov 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't sure if we wanted to remove some of the older versions, looks like Python 3.8 is EOL, but the builds run in parallel so it doesn't seem to hurt to have more versions in there.

NoxHarmonium
NoxHarmonium commented Nov 20, 2024
View reviewed changes
bluesky_kafka/logging_utils.py
# "sasl.login.class",
# "sasl.mechanism",
# "sasl.oauthbearer.jwks.endpoint.url",
# "sasl.oauthbearer.token.endpoint.url",
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't usually like having a heap of commented out code like this, but it is handy to see at a glance what keys are getting redacted so I left it in for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@NoxHarmonium