Closed mashhurs closed 1 year ago
This PR ensures to protect the password, security_token and client_secret from leaks in the debug logs.
password
security_token
client_secret
# config input { salesforce { client_id => "OAUTH_CLIENT_ID_FROM_YOUR_SFDC_APP" client_secret => "OAUTH_CLIENT_SECRET" username => "email@example.com" password => "super-secret" security_token => "SECURITY_TOKEN" sfdc_object_name => "Opportunity" } } output { stdout {} }
# Log before change # Log before change [2022-12-01T18:05:17,380][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@password = "super-secret" [2022-12-01T18:05:17,380][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@sfdc_object_name = "Opportunity" [2022-12-01T18:05:17,380][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@security_token = "SECURITY_TOKEN" [2022-12-01T18:05:17,380][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@client_secret = "OAUTH_CLIENT_SECRET" [2022-12-01T18:05:17,380][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@id = "bd7dc92c85796c3ea5c00db2b609c7de40dbe32a5b98bf14df4a66139f117090" [2022-12-01T18:05:17,380][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@client_id = "OAUTH_CLIENT_ID_FROM_YOUR_SFDC_APP" # Log after change [2022-12-01T18:01:36,390][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@password = <password> [2022-12-01T18:01:36,390][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@sfdc_object_name = "Opportunity" [2022-12-01T18:01:36,390][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@security_token = <password> [2022-12-01T18:01:36,390][DEBUG][logstash.inputs.salesforce] config LogStash::Inputs::Salesforce/@client_secret = <password>
Description
This PR ensures to protect the
password,security_tokenandclient_secretfrom leaks in the debug logs.Test