Commit 5c79c68e authored by Stan Hu's avatar Stan Hu

Filter any parameters ending with "key" in logs

Rails does a partial match for strings in the filter_parameters
configuration, so the parameter "key" causes "key_id" to be filtered
even though it's a useful parameter for debugging internal API issues.

We now revise this filter to make any parameter ending with "key" is
filtered.

Relates to https://gitlab.com/gitlab-com/gl-infra/production/issues/463
parent e91dc8f4
---
title: Filter any parameters ending with "key" in logs
merge_request: 21688
author:
type: changed
......@@ -85,6 +85,7 @@ module Gitlab
# - Any parameter ending with `token`
# - Any parameter containing `password`
# - Any parameter containing `secret`
# - Any parameter ending with `key`
# - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url)
# - Build traces (:trace)
......@@ -92,15 +93,13 @@ module Gitlab
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
# - File content from Web Editor (:content)
config.filter_parameters += [/token$/, /password/, /secret/]
config.filter_parameters += [/token$/, /password/, /secret/, /key$/]
config.filter_parameters += %i(
certificate
encrypted_key
hook
import_url
key
otp_attempt
sentry_dsn
trace
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment