Mask passwords and sensitive info in task logs and UI #15599
Merged
Commits on May 4, 2021
-
Add a logging filter to mask secrets from logs
This isn't used anywhere yet, but it is the first step in not printing passwords in the logs
-
Mask secret values from connections and variables
This masks secret values in logs for Connections and Variables. It behaves as follows: - Connection passwords are always masked, where-ever they appear. This means, if a connection has a password of `a`, then _every_ `a` in log messages would get replaced with `***` - "Sensitive" keys from extra_dejson are also masked. Sensitive is defined by the "existing" mechanism that the UI used, based upon the name of the key. - "Sensitive" Variables are also masked.
-
-
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.