-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mask the cli flags related to username in the logs #6064
Comments
Hello @wasim-nihal!
If those flags are URLs, we may not have that much control over what is printed. If the URL is passed to Go standard lib function (like Have you considered adding such sanitizations to logs collector/driver instead? |
Hi @hagen1778, I do not fully understand on how username flags can be passed as URLs. What I intended here is not to support the configuration of username flags as URLs (unlike password where we can give http://). Instead, the proposed change is just to mask the flags from the logs similar to those below. Here if we see, httpAuth.password gets logged as
So, to mask such username flags at startup, the proposed solution is as follows to the file VictoriaMetrics/lib/flagutil/secret.go
Please let me know if my understanding is not right. |
Currently, flags related to the username are getting printed in the logs as plain text. In my organization
username
is treated as sensitive data and cannot be exposed.I'd like to introduce a new boolean flag
maskUsernameFlags
which when set to true will mask the content of such flags and just printsecret
. Please do let me know if this is acceptable, would be happy to open a PR.VictoriaMetrics/lib/flagutil/secret.go
Line 21 in 2d4ce05
The text was updated successfully, but these errors were encountered: