Commit c1c7c9c

authored

don't log secrets even with debug logging enabled (#71)

1 parent a38c356 commit c1c7c9cCopy full SHA for c1c7c9c

File tree

-1

lines changed

-1

lines changed

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func (v *VaultSecrets) GetSecretsForTarget(name string) (map[string]string, erro`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`zap.L().Debug("found secrets in vault",`
`90`		`- zap.Any("secret", secret))`
	`90`	`+ zap.Strings("secret", keys(env)))`
`91`	`91`
`92`	`92`	`return env, nil`
`93`	`93`	`}`
`@@ -152,6 +152,13 @@ func kvToMap(version int, data map[string]interface{}) (env map[string]string, e`
`152`	`152`	`return`
`153`	`153`	`}`
`154`	`154`
	`155`	`+func keys(m map[string]string) (k []string) {`
	`156`	`+ for x := range m {`
	`157`	`+ k = append(k, x)`
	`158`	`+ }`
	`159`	`+ return`
	`160`	`+}`
	`161`	`+`
`155`	`162`	`// because Vault has no way to know if a kv engine is v1 or v2, we have to check`
`156`	`163`	`// for the /config path and if it doesn't exist, attempt to LIST the path, if`
`157`	`164`	`// that succeeds, it's a v1, if it doesn't succeed, it might still be a v1 but`

Comments

(0)