fix(config): mark config sentryDsn and mysql password sensitive (#511)…

… r=@vladikoff
mozilla · Jan 12, 2018 · d98fbcd · d98fbcd
1 parent e0de2f3
commit d98fbcd
Show file tree

Hide file tree

Showing 5 changed files with 245 additions and 349 deletions.
diff --git a/bin/internal.js b/bin/internal.js
@@ -2,12 +2,12 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-const config = require('../lib/config').getProperties();
+const configuration = require('../lib/config');
 const db = require('../lib/db');
 const logger = require('../lib/logging')('bin.internal');
 const server = require('../lib/server/internal').create();
 
-logger.debug('config', config);
+logger.debug('config', JSON.stringify(JSON.parse(configuration.toString())));
 db.ping().done(function() {
   server.start(function() {
     logger.info('listening', server.info.uri);

diff --git a/bin/server.js b/bin/server.js
@@ -2,13 +2,13 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-const config = require('../lib/config').getProperties();
+const configuration = require('../lib/config');
 const db = require('../lib/db');
 const logger = require('../lib/logging')('bin.server');
 const server = require('../lib/server').create();
 const events = require('../lib/events');
 
-logger.debug('config', config);
+logger.debug('config', JSON.stringify(JSON.parse(configuration.toString())));
 db.ping().done(function() {
   server.start(function() {
     logger.info('listening', server.info.uri);

diff --git a/lib/config.js b/lib/config.js
@@ -219,6 +219,7 @@ const conf = convict({
     },
     password: {
       default: '',
+      sensitive: true,
       env: 'MYSQL_PASSWORD'
     },
     database: {
@@ -255,11 +256,13 @@ const conf = convict({
     key: {
       doc: 'Private JWK to sign id_tokens',
       default: {},
+      sensitive: true,
       env: 'FXA_OPENID_KEY'
     },
     oldKey: {
       doc: 'The previous public key that was used to sign id_tokens',
       default: {},
+      sensitive: true,
       env: 'FXA_OPENID_OLDKEY'
     },
     issuer: {
@@ -349,6 +352,7 @@ const conf = convict({
   sentryDsn: {
     doc: 'Sentry DSN for error and log reporting',
     default: '',
+    sensitive: true,
     format: 'String',
     env: 'SENTRY_DSN'
   }
@@ -360,7 +364,7 @@ var files = (envConfig + ',' + process.env.CONFIG_FILES)
 conf.loadFile(files);
 
 var options = {
-  strict: true
+  allowed: 'strict'
 };
 
 conf.validate(options);