From ef79450065f25b2c0b5db8805dd35797d66f2788 Mon Sep 17 00:00:00 2001
From: Gabriel MABILLE <gamab@users.noreply.github.com>
Date: Wed, 4 Dec 2024 16:58:29 +0100
Subject: [PATCH] Settings: Redact token keyword (#97395)

* Settings: Redact token keyword

* Be more specific

* Given section is part of key, be more specific

* Fix test
---
 pkg/setting/setting.go      | 7 +++++++
 pkg/setting/setting_test.go | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
index 4cbf43e0eb7..bc26b0f7263 100644
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -599,6 +599,13 @@ func RedactedValue(key, value string) string {
 		"CLIENT_SECRET",
 		"ENTERPRISE_LICENSE",
 		"GF_ENTITY_API_DB_PASS",
+		"ID_FORWARDING_TOKEN$",
+		"AUTHENTICATION_TOKEN$",
+		"AUTH_TOKEN$",
+		"RENDERER_TOKEN$",
+		"API_TOKEN$",
+		"WEBHOOK_TOKEN$",
+		"INSTALL_TOKEN$",
 	} {
 		if match, err := regexp.MatchString(pattern, uppercased); match && err == nil {
 			return RedactedPassword
diff --git a/pkg/setting/setting_test.go b/pkg/setting/setting_test.go
index 57bce42da71..b112bd3130a 100644
--- a/pkg/setting/setting_test.go
+++ b/pkg/setting/setting_test.go
@@ -528,6 +528,12 @@ func TestRedactedValue(t *testing.T) {
 			value:    "",
 			expected: "",
 		},
+		{
+			desc:     "authentication_token",
+			key:      "my_authentication_token",
+			value:    "test",
+			expected: RedactedPassword,
+		},
 	}
 
 	for _, tc := range testCases {