search

paritytech / opstooling-js

Shared functionality for OpsTooling projects
https://www.npmjs.com/package/@eng-automation/js
Apache License 2.0
0 stars 1 forks source link

Masking secrets in logger #49

Closed mutantcornholio closed 1 year ago

mutantcornholio commented 1 year ago

Fixes #48

mutantcornholio commented 1 year ago

I'm thinking on cases with not sensitive secrets being masked in the logs.

A phrase "Not sensitive secrets" makes no sense to me. "secrets" and "sensitive data" are interchangeable terms IMO.

Do you mean configuration options that aren't secret? Well, just not add those to addSecretsToMask.
Here's what I did in faucet to test it out locally: 

  for (const config of Object.values(specs.config)) {
    for (const item of Object.values(config)) {
      if (item.options.masked) { // <<< THIS
        const value = configInstance.Get("CONFIG", item.name);
        if (value !== undefined) {
          logger.addSecretsToMask(value);
        }
      }
    }
  }
Bullrich commented 1 year ago

A phrase "Not sensitive secrets" makes no sense to me. "secrets" and "sensitive data" are interchangeable terms IMO.

I phrased wrong, I meant environment variables 😅

Well, just not add those to addSecretsToMask.

I see you have already considered that case. Perfect! That was my only doubt.