don't log secrets even with debug logging enabled (#71)

Southclaws · web-flow · commit c1c7c9c7734f · 2020-07-15T23:53:38.000+01:00
diff --git a/secret/vault/vault.go b/secret/vault/vault.go
@@ -87,7 +87,7 @@ func (v *VaultSecrets) GetSecretsForTarget(name string) (map[string]string, erro
 	}
 
 	zap.L().Debug("found secrets in vault",
-		zap.Any("secret", secret))
+		zap.Strings("secret", keys(env)))
 
 	return env, nil
 }
@@ -152,6 +152,13 @@ func kvToMap(version int, data map[string]interface{}) (env map[string]string, e
 	return
 }
 
+func keys(m map[string]string) (k []string) {
+	for x := range m {
+		k = append(k, x)
+	}
+	return
+}
+
 // because Vault has no way to know if a kv engine is v1 or v2, we have to check
 // for the /config path and if it doesn't exist, attempt to LIST the path, if
 // that succeeds, it's a v1, if it doesn't succeed, it *might still* be a v1 but

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func (v *VaultSecrets) GetSecretsForTarget(name string) (map[string]string, erro`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`zap.L().Debug("found secrets in vault",`
`90`		`- zap.Any("secret", secret))`
	`90`	`+ zap.Strings("secret", keys(env)))`
`91`	`91`
`92`	`92`	`return env, nil`
`93`	`93`	`}`
`@@ -152,6 +152,13 @@ func kvToMap(version int, data map[string]interface{}) (env map[string]string, e`
`152`	`152`	`return`
`153`	`153`	`}`
`154`	`154`
	`155`	`+func keys(m map[string]string) (k []string) {`
	`156`	`+ for x := range m {`
	`157`	`+ k = append(k, x)`
	`158`	`+ }`
	`159`	`+ return`
	`160`	`+}`
	`161`	`+`
`155`	`162`	`// because Vault has no way to know if a kv engine is v1 or v2, we have to check`
`156`	`163`	`// for the /config path and if it doesn't exist, attempt to LIST the path, if`
`157`	`164`	`// that succeeds, it's a v1, if it doesn't succeed, it might still be a v1 but`