This repository has been archived by the owner on May 12, 2021. It is now read-only.
Redact private key from startup output #934
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously we did this output *before* adding the keys to the config, but recently there were changes made that required the keys to be added to the config before the config was finished. This meant that the config being output contained private keys, which seems like a major security hazard for debugging. This commit changes the code so that we make a copy of the full config, set `redactedConfig.keys.private = null`, and then output the redacted configuration safely without any secrets exposed.
|
I'm going to quick-merge this because:
|
|
Just noticed this was fixed, thanks! 🎉 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously we did this output before adding the keys to the config,
but recently there were changes made that required the keys to be added
to the config before the config was finished. This meant that the config
being output contained private keys, which seems like a major security
hazard for debugging.
This commit changes the code so that we make a copy of the full config,
set
redactedConfig.keys.private = null, and then output the redactedconfiguration safely without any secrets exposed.
Resolves #933