Redact sensitive values from config in health data (#12421)

The health api returns the server configuration details. Redact sensitive values from the config values like URLs and credentials.
2025-11-09 21:49:46 -05:00 · 2021-06-03 20:45:44 +05:30
parent 7a3b5235bf
commit fb140c146b
8 changed files with 73 additions and 1 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -340,6 +340,30 @@ func (c Config) ReadConfig(r io.Reader) (dynOnly bool, err error) {
 	return dynOnly, nil
 }

+// RedactSensitiveInfo - removes sensitive information
+// like urls and credentials from the configuration
+func (c Config) RedactSensitiveInfo() Config {
+	nc := c.Clone()
+
+	for configName, configVals := range nc {
+		for _, helpKV := range HelpSubSysMap[configName] {
+			if helpKV.Sensitive {
+				for name, kvs := range configVals {
+					for i := range kvs {
+						if kvs[i].Key == helpKV.Key && len(kvs[i].Value) > 0 {
+							kvs[i].Value = "*redacted*"
+						}
+					}
+					configVals[name] = kvs
+				}
+			}
+		}
+		nc[configName] = configVals
+	}
+
+	return nc
+}
+
 type configWriteTo struct {
 	Config
 	filterByKey string