redacted keys/token in backend config debug log

2021-08-04 22:56:18 +02:00 · 2021-08-04 22:56:18 +02:00 · 5a11d14082
commit 5a11d14082
parent 0936d864a4
14 changed files with 124 additions and 32 deletions
--- a/internal/backend/swift/config.go
+++ b/internal/backend/swift/config.go
@ -24,12 +24,12 @@ type Config struct {
 	TrustID        string

 	StorageURL string
-	AuthToken  string
+	AuthToken  options.SecretString

 	// auth v3 only
 	ApplicationCredentialID     string
 	ApplicationCredentialName   string
-	ApplicationCredentialSecret string
+	ApplicationCredentialSecret options.SecretString

 	Container              string
 	Prefix                 string
@ -111,11 +111,9 @@ func ApplyEnvironment(prefix string, cfg interface{}) error {
 		// Application Credential auth
 		{&c.ApplicationCredentialID, prefix + "OS_APPLICATION_CREDENTIAL_ID"},
 		{&c.ApplicationCredentialName, prefix + "OS_APPLICATION_CREDENTIAL_NAME"},
-		{&c.ApplicationCredentialSecret, prefix + "OS_APPLICATION_CREDENTIAL_SECRET"},

 		// Manual authentication
 		{&c.StorageURL, prefix + "OS_STORAGE_URL"},
-		{&c.AuthToken, prefix + "OS_AUTH_TOKEN"},

 		{&c.DefaultContainerPolicy, prefix + "SWIFT_DEFAULT_CONTAINER_POLICY"},
 	} {
@ -123,5 +121,16 @@ func ApplyEnvironment(prefix string, cfg interface{}) error {
 			*val.s = os.Getenv(val.env)
 		}
 	}
+	for _, val := range []struct {
+		s   *options.SecretString
+		env string
+	}{
+		{&c.ApplicationCredentialSecret, prefix + "OS_APPLICATION_CREDENTIAL_SECRET"},
+		{&c.AuthToken, prefix + "OS_AUTH_TOKEN"},
+	} {
+		if val.s.String() == "" {
+			*val.s = options.NewSecretString(os.Getenv(val.env))
+		}
+	}
 	return nil
 }