fix: redact password in database URI when logging #2032

Merged
ellie merged 1 commit into atuinsh:main from jeremycline:redact-password
May 21, 2024
@jeremycline
Contributor

Hi,

I think this is a bit of a niche fix since I imagine not tons of people self-host and perhaps it's something those who are running servers do want, so I won't be the least bit bothered if this isn't merged.

Previously, in the event that there was a configuration issue and the atuin server failed to connect to PostgreSQL, it would log the database URI including the password.

For example, if the password authentication failed the following log message would be printed:

Error: failed to connect to db: PostgresSettings { db_uri: "postgres://atuin:definitelymypassword@db.example.com/atuin" }

This change sets the password to "****" when printing it via Debug:

Error: failed to connect to db: PostgresSettings { db_uri: "postgres://atuin:****@db.example.com/atuin" }

Hopefully few people use **** as the actual password.

Checks

  • I am happy for maintainers to push small adjustments to this PR, to speed up the review cycle
  • I have checked that there are no existing pull requests for the same thing

Previously, in the event that there was a configuration issue and the
atuin server failed to connect to PostgreSQL, it would log the password.

For example, if the password authentication failed the following log
message would be printed:

Error: failed to connect to db: PostgresSettings { db_uri:
    "postgres://atuin:definitelymypassword@db.example.com/atuin" }

This change sets the password to "****" when printing it via Debug:

Error: failed to connect to db: PostgresSettings { db_uri:
    "postgres://atuin:****@db.example.com/atuin" }

Hopefully few people use **** as the actual password.
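
One way to get the redacted Debug output described in this pull request, as an added example that is not the code merged into atuin: a std-only Rust sketch in which the `PostgresSettings` stand-in, the `redact_uri` helper and the `<URI redacted>` placeholder are assumptions. It goes beyond the single case in the description by covering URIs without credentials and passwords that contain an unescaped `@` or `/`.

```rust
use std::fmt;

/// Hypothetical stand-in for the settings struct named in the log line above.
pub struct PostgresSettings {
    pub db_uri: String,
}

/// Replace the password in `scheme://user:password@host...` with "****".
/// Fails closed: input that cannot be split safely is hidden entirely.
pub fn redact_uri(uri: &str) -> String {
    const HIDDEN: &str = "<URI redacted>"; // assumed placeholder text
    let Some((scheme, rest)) = uri.split_once("://") else {
        return HIDDEN.to_string();
    };
    // The authority ends at the first '/', '?' or '#'.
    let end = rest
        .find(|c: char| matches!(c, '/' | '?' | '#'))
        .unwrap_or(rest.len());
    let (authority, tail) = rest.split_at(end);
    // The last '@' closes the userinfo, so an unescaped '@' in the password is covered.
    let Some((userinfo, host)) = authority.rsplit_once('@') else {
        // An '@' after the authority may mean an unescaped '/' split the password.
        return if tail.contains('@') { HIDDEN.to_string() } else { uri.to_string() };
    };
    // The first ':' separates the user name from the password.
    match userinfo.split_once(':') {
        Some((user, _password)) => format!("{scheme}://{user}:****@{host}{tail}"),
        None => uri.to_string(), // user name only, nothing to hide
    }
}

// Manual Debug impl instead of #[derive(Debug)], so `{:?}` never prints the raw URI.
impl fmt::Debug for PostgresSettings {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("PostgresSettings")
            .field("db_uri", &redact_uri(&self.db_uri))
            .finish()
    }
}

fn main() {
    // Constructed sample, taken from the log line quoted in the description.
    let s = PostgresSettings {
        db_uri: "postgres://atuin:definitelymypassword@db.example.com/atuin".into(),
    };
    println!("Error: failed to connect to db: {s:?}");
}
```

Redaction here applies only to the `Debug` path; any code that formats `db_uri` directly would still print the password.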
@tessus

This comment was marked as spam.

Member

@ellie ellie left a comment

Looks good, thank you! 🥳

Seeing as this is your first time contributing, if you would like a holographic contributors-only Atuin sticker, then please fill out this form!

We do also have a Discord if you'd like to ask any questions, or just fancy hanging out!

@ellie ellie merged commit 3293084 into atuinsh:main May 21, 2024
@jeremycline jeremycline deleted the redact-password branch May 21, 2024 04:06