Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't log passwords on start #463

Merged
merged 2 commits into from
Feb 19, 2018
Merged

Don't log passwords on start #463

merged 2 commits into from
Feb 19, 2018

Conversation

jvassev
Copy link
Contributor

@jvassev jvassev commented Feb 11, 2018

The two passwords configurable as flags (for infoblox and dyn) are
masked now and not logged.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 11, 2018
@hjacobs
Copy link
Contributor

hjacobs commented Feb 11, 2018

Thanks!

@linki
Copy link
Member

linki commented Feb 12, 2018

@jvassev Thanks for spotting and fixing this!

It works but how about this approach: Add a String() method to the Config struct that pretty-prints the config data similar to now but leaves out the offending fields. This way the concern about hiding fields is close to the struct itself and main.go can be left unchanged.

@jvassev
Don't log passwords on start
28d5d05 
The two passwords configurable as flags (for infoblox and dyn) are
masked now and not logged.
@jvassev
Copy link
Contributor Author

jvassev commented Feb 12, 2018

@linki good suggestion, looks a lot cleaner now. String() still uses %+v on a copy to skip a boring implementation.

@linki linki added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 19, 2018
@linki linki merged commit 02f8339 into kubernetes-sigs:master Feb 19, 2018
@linki
Copy link
Member

linki commented Feb 19, 2018

Thanks @jvassev

@jvassev jvassev deleted the dont-log-passwords branch February 19, 2018 20:10
grimmy pushed a commit to grimmy/external-dns that referenced this pull request Apr 10, 2018
@jvassev @linki
Don't log passwords on start (kubernetes-sigs#463)
5ad3942 
* Don't log passwords on start

The two passwords configurable as flags (for infoblox and dyn) are
masked now and not logged.

* docs: add masking sensitive data in logs to changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jvassev @hjacobs @linki @k8s-ci-robot