fix(config): redact sensitive fields in /api/config response#865
Merged
fix(config): redact sensitive fields in /api/config response#865
Conversation
- Add SanitizedCopy method to replace credentials and secrets with REDACTED - Update configHandler to return sanitized config copy instead of raw config - Fix HTTP status from 201 Created to 200 OK for GET endpoint - Add tests for SanitizedCopy with populated and empty sensitive fields - Add assertions verifying secrets are not exposed in handler response Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR prevents leaking secrets via the unauthenticated GET /api/config endpoint by returning a redacted copy of the loaded configuration and correcting the endpoint’s HTTP status code.
Changes:
- Add
(*config.ConfYaml).SanitizedCopy()to redact sensitive config fields. - Update
configHandlerto returncfg.SanitizedCopy()and use HTTP200 OK(instead of201 Created). - Add/extend tests to verify secrets are not present in the
/api/configresponse and that redaction does not mutate the original config.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| router/server.go | Switch /api/config to return HTTP 200 and a sanitized config copy. |
| router/server_test.go | Update expected status to 200 and add assertions that secrets don’t appear in the response. |
| config/config.go | Introduce SanitizedCopy() and redact() helper for secret redaction. |
| config/config_test.go | Add unit tests for SanitizedCopy() including empty-field behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add Core.CertPath and Core.KeyPath to redacted fields - Redact Core.FeedbackHeader entries that may contain API keys - Add test assertions for new redacted fields and original immutability Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SanitizedCopy()method onConfYamlto return a copy with all sensitive fields (credentials, passwords, TLS keys, proxy URLs) replaced with[REDACTED]configHandlerto usecfg.SanitizedCopy()instead of exposing the raw config struct201 Createdto200 OKfor the GET endpointRedacted Fields
Test plan
TestSanitizedCopy— verifies all sensitive fields are redacted, non-sensitive fields preserved, original config unmodifiedTestSanitizedCopyEmptyFields— verifies empty strings stay empty (not[REDACTED])TestAPIConfigHandler— verifies response uses HTTP 200, contains[REDACTED], and does not contain raw secret values🤖 Generated with Claude Code