Redact secrets in logArgv #511
Conversation
| if (text.length < 12) { | ||
| return "*".repeat(text.length); | ||
| } |
There was a problem hiding this comment.
what is twelve based on? Is there some sort of algorithmic guarantee that 8 couldn't be brute force guessed?
I'd imagine there's some entropy number for that you could find on OWASP
There was a problem hiding this comment.
Figured it's effectively equivalent for this exercise.
There was a problem hiding this comment.
Perfect. What i was looking for.
src/lib/formatting/redact.mjs
Outdated
| const lastFour = text.slice(-4); | ||
| const redactedLength = text.length - 4; | ||
| return "*".repeat(redactedLength) + lastFour; |
There was a problem hiding this comment.
might be good to put some of the prefix in too as they can hint to us what type of key it is.
See: https://github.com/fauna/backup-restore-frontdoor/blob/main/src/auth/constants.ts
For some examples
There was a problem hiding this comment.
Honestly, i'd rather just do the prefix and redact all the rest. that way none of the random data is displayed. its just the envelope flag.
There was a problem hiding this comment.
That won't help a user figure out what secret was used if it's not something they expect (such as an expected profile or env passing secret). How about for strings larger than 16, we keep the first and last 4 and redact the middle?
Problem
When we log argv via verbosity, we log secrets. This is probably fine, but we also want to avoid people accidentally posting secrets to github issues where they use verbosity to debug.
Solution
Add a custom stringify function that redacts the value of any key with secret or accountKey in it.
I think this is the only place we output secrets or keys.
Result
Testing
Added unit tests for
redactandredactedStringify