Build the utilities that will be used in the migration to filter key-value data according to KeyValueCollectionBehavior rules, and convenient helpers to read the resolved config from a client instance.
We need to support off/denyList/allowList filtering to a key-value record:
- Built-in denylist terms per spec:
auth, token, secret, password, passwd, pwd, key, jwt, bearer, sso, saml, csrf, xsrf, credentials, session, sid, identity
- Matching: partial, case-insensitive (e.g.
"Authorization" matches "auth")
- Matched values replaced with
"[Filtered]"; key names always preserved
- Export all helpers from core package
Build the utilities that will be used in the migration to filter key-value data according to
KeyValueCollectionBehaviorrules, and convenient helpers to read the resolved config from a client instance.We need to support
off/denyList/allowListfiltering to a key-value record:auth, token, secret, password, passwd, pwd, key, jwt, bearer, sso, saml, csrf, xsrf, credentials, session, sid, identity"Authorization"matches"auth")"[Filtered]"; key names always preserved