Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ref(token): Use secrecy crate to store auth token #2116

Merged
merged 2 commits into from
Aug 1, 2024
Merged

ref(token): Use secrecy crate to store auth token #2116

merged 2 commits into from
Aug 1, 2024

Conversation

szokeasaurusrex
Copy link
Member

Using the secrecy crate prevents the auth token from accidentally being leaked if we log the AuthToken struct.

@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-secrecy branch from 9c4c9e7 to f94d50c Compare August 1, 2024 13:35
@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-security branch from d594ae1 to 2665d8a Compare August 1, 2024 13:35
@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-secrecy branch 2 times, most recently from 1b6af57 to 0301966 Compare August 1, 2024 14:33
@szokeasaurusrex
test(tokens): Add test to ensure tokens redacted
35547f7 
The test ensures that when the CLI args are echoed back, anything which might reasonably be an auth token is redacted.
@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-security branch from b55b354 to 35547f7 Compare August 1, 2024 14:36
@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-secrecy branch from 0301966 to 568aacd Compare August 1, 2024 14:36
Swatinem
Swatinem approved these changes Aug 1, 2024
View reviewed changes
Copy link
Member

@Swatinem Swatinem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good idea

@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-security branch from 35547f7 to 3d05326 Compare August 1, 2024 15:52
Base automatically changed from szokeasaurusrex/auth-token-security to master August 1, 2024 15:55
@szokeasaurusrex
ref(token): Use secrecy crate to store auth token
28026ee 
Using the secrecy crate prevents the auth token from accidentally being leaked if we log the `AuthToken` struct.
@szokeasaurusrex szokeasaurusrex force-pushed the szokeasaurusrex/auth-token-secrecy branch from 568aacd to 28026ee Compare August 1, 2024 15:55
@szokeasaurusrex szokeasaurusrex enabled auto-merge (squash) August 1, 2024 15:56
@szokeasaurusrex szokeasaurusrex enabled auto-merge (squash) August 1, 2024 15:57
@szokeasaurusrex szokeasaurusrex merged commit 8b89630 into master Aug 1, 2024
14 checks passed
@szokeasaurusrex szokeasaurusrex deleted the szokeasaurusrex/auth-token-secrecy branch August 1, 2024 15:58
@loewenheim
Copy link
Contributor

Very nice, TIL.

@mezotv mezotv mentioned this pull request Aug 24, 2024
Closed
This was referenced Sep 10, 2024
Closed
Closed
@EmmanuelDemey EmmanuelDemey mentioned this pull request Sep 28, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdtro mdtro mdtro approved these changes

@Swatinem Swatinem Swatinem approved these changes

@loewenheim loewenheim Awaiting requested review from loewenheim

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@szokeasaurusrex @loewenheim @Swatinem @mdtro