Redact private key from startup output #934

Merged
merged 2 commits into from Feb 6, 2019

christianbundy commented Feb 5, 2019

Previously we did this output before adding the keys to the config,
but recently there were changes made that required the keys to be added
to the config before the config was finished. This meant that the config
being output contained private keys, which seems like a major security
hazard for debugging.

This commit changes the code so that we make a copy of the full config,
set `redactedConfig.keys.private = null`, and then output the redacted
configuration safely without any secrets exposed.


Resolves #933
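The copy-then-redact approach described above, as an added example that is not the project's own code: it shows why the copy must not share the nested `keys` object with the live config. The sample config, its placeholder key values, and the function names `redactShallow`, `redactConfig` and `startupOutput` are assumptions made for illustration; only `keys.private` comes from the description.

```javascript
// Constructed sample config; the key values are placeholders, not real keys.
const config = {
  port: 8008,
  keys: {
    curve: 'ed25519',
    public: 'PUBLIC-KEY-PLACEHOLDER',
    private: 'PRIVATE-KEY-PLACEHOLDER',
    id: '@PUBLIC-KEY-PLACEHOLDER'
  }
}

// Pitfall: a shallow copy still points at the same nested `keys` object,
// so nulling the private key in the "copy" also wipes it from the live
// config that the running process needs for signing.
function redactShallow (cfg) {
  const redacted = Object.assign({}, cfg)
  if (redacted.keys) redacted.keys.private = null
  return redacted
}

// Safer: copy the top level and the `keys` object separately, then null
// the private key only in the copy. The live config is left untouched.
function redactConfig (cfg) {
  const redacted = Object.assign({}, cfg)
  if (cfg.keys && typeof cfg.keys === 'object') {
    redacted.keys = Object.assign({}, cfg.keys, { private: null })
  }
  return redacted
}

// Hypothetical startup logger: only the redacted copy is ever serialized.
function startupOutput (cfg) {
  return JSON.stringify(redactConfig(cfg), null, 2)
}

console.log(startupOutput(config))
```

A regression test for this kind of fix can assert both properties: the private key string never appears in the serialized output, and the live config still holds it afterwards.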


@christianbundy christianbundy added the bug label Feb 5, 2019

@christianbundy christianbundy self-assigned this Feb 5, 2019


christianbundy commented Feb 6, 2019

I'm going to quick-merge this because:

  1. it's trivial
  2. it's critical
  3. I'd feel real bad if someone leaked their key because of me

@christianbundy christianbundy merged commit 9750bc4 into master Feb 6, 2019
