Private key [redacted] is base64 encoded in config_dump #10096
Comments
|
This is intended as how envoy redact data source, #9315 (comment) discussion during code review. @mergeconflict fyi. I suggest we can close this one and maybe have some doc if lack |
|
Just to clarify, I am only suggesting it should be Rather than |
|
@howardjohn: The trouble is that If you're interested, you could submit a change to the documentation (docs/root/operations/admin.rst) to clarify how different types are redacted. |
|
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions. |
stale
bot
added
the
stale
|
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions. |
Issue Template
Title: Private key [redacted] is base64 encoded in config_dump
Description:
A config dump shows this in the secret section
{ "name": "default", "version_info": "2020-02-19 00:17:05.818690253 +0000 UTC m=+0.461950234", "last_updated": "2020-02-19T00:17:06.063Z", "secret": { "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", "name": "default", "tls_certificate": { "certificate_chain": { "inline_bytes": "..." }, "private_key": { "inline_bytes": "W3JlZGFjdGVkXQ==" } } } },Decoding the private key shows
Not a huge issue here, but we are doing the base64 encoding after we do the redaction, which makes it look like we aren't actually redacting things.
This is not really important, seems like a cosmetic issue really, but I figured I would report it here.
cc @incfly
The text was updated successfully, but these errors were encountered: