[DELTASPIKE-382] mask out passwords and other credentials in our Configuration logs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.4
Fix Version/s: 0.5
Component/s: Configuration
Labels:
None

Description

Our configuration mechanism currently logs all the configured values.
This makes it hard to use it for passwords and stuff.

I suggest we introduce some specific prefix property to configure configs which contain sensitive information.

For the key 'some.random.password' this could look like:

deltaspike_config.mask.some.random.password=true

In the log we would in this case just output the information whether and where we did find some value, but not print the details for all configs which start with all of the configured masks.

I'm not yet sure though how to configure this best. Suggestions appreciated!

Attachments

Activity

People

Assignee:: Mark Struberg

Reporter:: Mark Struberg

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 13/Jun/13 14:30

Updated:: 20/Mar/14 07:44

Resolved:: 03/Jul/13 05:13