Filter any parameters ending with "key" in logs
Rails does a partial match for strings in the filter_parameters configuration, so the parameter "key" causes "key_id" to be filtered even though it's a useful parameter for debugging internal API issues. We now revise this filter to make any parameter ending with "key" is filtered. Relates to https://gitlab.com/gitlab-com/gl-infra/production/issues/463
This commit is contained in:
parent
e91dc8f4ba
commit
5c79c68ee7
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Filter any parameters ending with "key" in logs
|
||||
merge_request: 21688
|
||||
author:
|
||||
type: changed
|
|
@ -85,6 +85,7 @@ module Gitlab
|
|||
# - Any parameter ending with `token`
|
||||
# - Any parameter containing `password`
|
||||
# - Any parameter containing `secret`
|
||||
# - Any parameter ending with `key`
|
||||
# - Two-factor tokens (:otp_attempt)
|
||||
# - Repo/Project Import URLs (:import_url)
|
||||
# - Build traces (:trace)
|
||||
|
@ -92,15 +93,13 @@ module Gitlab
|
|||
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
|
||||
# - Webhook URLs (:hook)
|
||||
# - Sentry DSN (:sentry_dsn)
|
||||
# - Deploy keys (:key)
|
||||
# - File content from Web Editor (:content)
|
||||
config.filter_parameters += [/token$/, /password/, /secret/]
|
||||
config.filter_parameters += [/token$/, /password/, /secret/, /key$/]
|
||||
config.filter_parameters += %i(
|
||||
certificate
|
||||
encrypted_key
|
||||
hook
|
||||
import_url
|
||||
key
|
||||
otp_attempt
|
||||
sentry_dsn
|
||||
trace
|
||||
|
|
Loading…
Reference in New Issue