Filter sensitive values from being logged in ProcessProxy

jupyter-server / enterprise_gateway

A lightweight, multi-tenant, scalable and secure gateway that enables Jupyter Notebooks to share resources across distributed clusters such as Apache Spark, Kubernetes and others.

https://jupyter-enterprise-gateway.readthedocs.io/en/latest/

Other

615 stars 220 forks source link

Filter sensitive values from being logged in ProcessProxy #1279

Closed starskyreverie closed 1 year ago

starskyreverie commented 1 year ago

Allows users to set kwarg sensitive_env for ProcessProxy, an array of phrases indicating secrets that users may not want logged.

kevin-bates commented 1 year ago

I guess I meant for these to be manifested as configurable traits (that can be configured via a configuration file), but initially rolling with envs is probably fine so let's skip the trait aspect of this.

Please add documentation for each of the new envs to this page: https://github.com/jupyter-server/enterprise_gateway/blob/main/docs/source/operators/config-add-env.md

starskyreverie commented 1 year ago

Oh okay, sounds good! To do what you said via traitlets, should I define EG_SENSITIVE_ENV_KEYS in mixins.py or is there a better place?

kevin-bates commented 1 year ago

To do what you said via traitlets, should I define EG_SENSITIVE_ENV_KEYS in mixins.py or is there a better place?

Yes, but I'm thinking it might be best to just keep these as envs for now. These will need to reside in Gateway Provisioners when EG moves to those and we could decide to use traits at that time, but introducing traits now will only create migration headaches.