DeltaSpike
  1. DeltaSpike
  2. DELTASPIKE-382

mask out passwords and other credentials in our Configuration logs

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.4
    • Fix Version/s: 0.5
    • Component/s: Configuration
    • Labels:
      None

      Description

      Our configuration mechanism currently logs all the configured values.
      This makes it hard to use it for passwords and stuff.

      I suggest we introduce some specific prefix property to configure configs which contain sensitive information.

      For the key 'some.random.password' this could look like:

      deltaspike_config.mask.some.random.password=true

      In the log we would in this case just output the information whether and where we did find some value, but not print the details for all configs which start with all of the configured masks.

      I'm not yet sure though how to configure this best. Suggestions appreciated!

        Activity

        Mark Struberg created issue -
        Mark Struberg made changes -
        Field Original Value New Value
        Summary mask out passwords and other credentials mask out passwords and other credentials in our Configuration logs
        Mark Struberg made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Gerhard Petracek made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Mark Struberg
            Reporter:
            Mark Struberg
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development