Make redaction of common keys in diagnostics case insensitive #6109
Should this be backported into 8.16? I marked this as an "enhancement", but maybe it is a bug fix?
LGTM
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
AFAICT the unit tests fail because the otel collector never reports healthy (unrelated to this PR) and the serverless ones are due to the BK agent (Error: error creating test runner: error checking region setting: Non-201 status code returned by server: 503)?!
I agree, this feels more like a bug than an enhancement. Added backport labels and bug label instead of enhancement.
@andrzej-stencel Please add a changelog fragment to this PR using https://github.com/elastic/elastic-agent-changelog-tool. Thanks!
* Make common key redaction case insensitive * add changelog entry * change to bug fix --------- Co-authored-by: Shaunak Kashyap <[email protected]> (cherry picked from commit 8939f0f)
…#6198) * Make common key redaction case insensitive * add changelog entry * change to bug fix --------- Co-authored-by: Shaunak Kashyap <[email protected]> (cherry picked from commit 8939f0f) Co-authored-by: Andrzej Stencel <[email protected]>
…#6196) * Make common key redaction case insensitive * add changelog entry * change to bug fix --------- Co-authored-by: Shaunak Kashyap <[email protected]> (cherry picked from commit 8939f0f) Co-authored-by: Andrzej Stencel <[email protected]>
…#6197) * Make common key redaction case insensitive * add changelog entry * change to bug fix --------- Co-authored-by: Shaunak Kashyap <[email protected]> (cherry picked from commit 8939f0f) Co-authored-by: Andrzej Stencel <[email protected]>
What does this PR do?
Changes the redaction of common keys like "password" to be case insensitive. This means keys like "PASSWORD" and "PassWord" will also be redacted.
Why is it important?
To prevent leaking secrets into diagnostics.
Checklist
[ ] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[ ] I have made corresponding change to the default configuration files
./changelog/fragments using the changelog tool
[ ] I have added an integration test or an E2E test
Disruptive User Impact
This may cause keys that were previously not redacted to be redacted after the change. For example, the "Key" substring may be common in configuration keys that don't need redaction.
How to test this PR locally
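
The behaviour change described in this PR, as an added Go example that is not the elastic-agent implementation: it redacts a nested config with a case-sensitive and then a case-insensitive substring match on key names, and shows the `Keyspace` side effect noted under Disruptive User Impact. The marker list, the function and variable names, and the sample config are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed marker list for this illustration; the PR text names only "password" and the "Key" substring.
const markers = `password|passphrase|token|secret|key`

var caseSensitive = regexp.MustCompile(markers)            // models matching before the change
var caseInsensitive = regexp.MustCompile(`(?i)` + markers) // models matching after the change

// Redact returns a deep copy of v in which the value of every key matching re is replaced.
func Redact(v interface{}, re *regexp.Regexp) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		out := make(map[string]interface{}, len(t))
		for k, val := range t {
			if re.MatchString(k) {
				out[k] = "<REDACTED>" // drop the whole value, including nested structures
			} else {
				out[k] = Redact(val, re)
			}
		}
		return out
	case []interface{}: // lists of maps are walked too, so secrets inside them are not skipped
		out := make([]interface{}, len(t))
		for i, val := range t {
			out[i] = Redact(val, re)
		}
		return out
	}
	return v
}

// sample returns a constructed config, not real diagnostics output.
func sample() map[string]interface{} {
	return map[string]interface{}{
		"outputs":  []interface{}{map[string]interface{}{"username": "elastic", "PassWord": "hunter2"}},
		"Keyspace": "metrics", "API_TOKEN": "abc123", "password": "x",
	}
}

func main() {
	fmt.Println("case-sensitive:  ", Redact(sample(), caseSensitive))
	fmt.Println("case-insensitive:", Redact(sample(), caseInsensitive))
}
```

With the case-sensitive matcher only `password` is redacted, so `PassWord` and `API_TOKEN` would reach the diagnostics bundle in clear text; with the case-insensitive matcher both are redacted, and so is the harmless `Keyspace`.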