redact settings containing 'secret' besides 'password'

Ensure that settings with the word 'secret' in the name are redacted just as ones with 'password' in the name are. For example, the Google Auth client secret should be redacted now.
2025-02-25 18:55:37 -06:00 · 2016-03-01 13:50:45 -05:00 · 2016-03-01 13:50:45 -05:00 · d557beb5f1
commit d557beb5f1
parent 2cf1193b56
1 changed files with 7 additions and 2 deletions
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -169,6 +169,11 @@ func ToAbsUrl(relativeUrl string) string {
 	return AppUrl + relativeUrl
 }

+func shouldRedactKey(s string) bool {
+	uppercased := strings.ToUpper(s)
+	return strings.Contains(uppercased, "PASSWORD") || strings.Contains(uppercased, "SECRET")
+}
+
 func applyEnvVariableOverrides() {
 	appliedEnvOverrides = make([]string, 0)
 	for _, section := range Cfg.Sections() {
@ -180,7 +185,7 @@ func applyEnvVariableOverrides() {

 			if len(envValue) > 0 {
 				key.SetValue(envValue)
-				if strings.Contains(envKey, "PASSWORD") {
+				if shouldRedactKey(envKey) {
 					envValue = "*********"
 				}
 				appliedEnvOverrides = append(appliedEnvOverrides, fmt.Sprintf("%s=%s", envKey, envValue))
@ -197,7 +202,7 @@ func applyCommandLineDefaultProperties(props map[string]string) {
 			value, exists := props[keyString]
 			if exists {
 				key.SetValue(value)
-				if strings.Contains(keyString, "password") {
+				if shouldRedactKey(keyString) {
 					value = "*********"
 				}
 				appliedCommandLineProperties = append(appliedCommandLineProperties, fmt.Sprintf("%s=%s", keyString, value))