Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hides api key from debug logs #244

Merged
merged 7 commits into from
Feb 8, 2021
Merged

hides api key from debug logs #244

merged 7 commits into from
Feb 8, 2021
+38 −2

Conversation

JakeDawkins
Copy link
Contributor

@JakeDawkins JakeDawkins commented Feb 6, 2021
edited
Loading

This PR aims to:

  • Masks api key env variable printout
  • Print the .config file's contents safely. This would be a little more complicated to safely handle, so for now, I swapped out printing the contents themselves for just printing the data length of the file.

Idk if there's a "safe" way to allow actual printing of these (or trace) logs without accidentally printing api keys. It'd be useful for them to be printed somewhere, but I'd want to make it as hard as possible to accidentally miss it and paste it somewhere.

Other ideas

  • an explicitly unsafe log level such as sensitive_trace would be really cool I think, but that seems to be a more extreme step. Happy to hear any other thoughts or ideas here :)

lrlna
lrlna approved these changes Feb 8, 2021
View reviewed changes
EverlastingBugstopper
EverlastingBugstopper approved these changes Feb 8, 2021
View reviewed changes
Copy link
Contributor

@EverlastingBugstopper EverlastingBugstopper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's a weird mod.rs.swp we should likely remove but otherwise this looks good!

@JakeDawkins JakeDawkins merged commit 0466478 into main Feb 8, 2021
@JakeDawkins JakeDawkins deleted the jake/hide-api-key branch February 8, 2021 16:49
@lrlna lrlna mentioned this pull request Feb 9, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrlna lrlna lrlna approved these changes

@EverlastingBugstopper EverlastingBugstopper EverlastingBugstopper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@JakeDawkins @lrlna @EverlastingBugstopper