davidfraser closed 5 years ago
Hi - Sorry for the late response. I'm not logging the private token myself... that must be the GitLab API Java wrapper that I'm using. Problem is that the token is part of the API URL, so probably any error related to it will always be logged.
I don't think the hostname is enough, as I think it can be http or https... depends on your GitLab setup. I can for sure provide more error handling before trying to connect to GitLab - noted for future work! :)
Thanks.
I specified the GitLab server using just the domain name without a preceding https:// - this resulted in an error message accessing the URL of "no protocol", and the full URL was dumped to the error log including the private token.
I think it would be better not to log private tokens. Also it would be helpful to either accept a straight hostname or inform the user they need to put the protocol there :)
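One way to address both points raised in this thread, as an added example that is not part of the original issue or the plugin's code: reject a server setting that lacks http:// or https:// before any request is built, and mask the token in any text headed for a log. It assumes the token travels as GitLab's `private_token` query parameter; the class name, method names and sample values are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

public class GitlabUrlCheck {
    // Assumption: the token is sent as a "private_token" query parameter.
    private static final Pattern TOKEN =
        Pattern.compile("(?i)(private_token=)[^&\\s#]+");

    /** Mask the token value in any string bound for a log or exception message. */
    static String redact(String text) {
        return text == null ? null : TOKEN.matcher(text).replaceAll("$1[REDACTED]");
    }

    /** Validate the configured server before a token is ever appended to it. */
    static URI parseServer(String configured) {
        String value = configured == null ? "" : configured.trim();
        URI uri;
        try {
            uri = new URI(value);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("GitLab server URL is not valid: " + redact(value));
        }
        String scheme = uri.getScheme();
        // A bare hostname parses as a relative URI with no scheme, so it is caught here.
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new IllegalArgumentException(
                "GitLab server URL must start with http:// or https://, got: " + redact(value));
        }
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("GitLab server URL has no host: " + redact(value));
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String logged = "no protocol: gitlab.example.com/projects?private_token=EXAMPLE-TOKEN&page=1";
        System.out.println(redact(logged));
        for (String s : new String[] {"gitlab.example.com", "https://gitlab.example.com"}) {
            try {
                System.out.println("ok: " + parseServer(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Redaction in the caller only covers messages the caller logs itself; output written directly by a wrapped library needs the same filter applied at the logging layer.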