Closed ronilan closed 2 years ago
@ronilan code looks good to me.
@cheempz Is it the idea for agent has its own understanding of service key masking? Although Python, PHP, Node are doing similar masking by ...
. They have different behavior for edge cases.
Overview
This pull request changes logging code so that it masks a service key output in the logged error even if the input value itself is not a valid service key.
Status
When user is providing an invalid service key, application logs will contain what was provided as-is. An invalid service key may still expose a valid and usable token or part thereof.
Change
Always mask the service key provided.
Note
nh-main
. Agent built frommaster
will stay unchanged.