Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.17](backport #4182) Redact static tokens and custom http headers #4191

Merged
merged 2 commits into from
Dec 10, 2024

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Dec 7, 2024

What is the problem this PR solves?

Static tokens and (potentially) custom http headers can expose secrets in diagnostic bundles.

How does this PR solve the problem?

Redact sensitive values within the Config.Redact() call,

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.
    This is an automatic backport of pull request Redact static tokens and custom http headers #4182 done by Mergify.

Redact sensitive values in headers and static token within the Config.Redact()

(cherry picked from commit d0993e8)

# Conflicts:
#	internal/pkg/config/config.go
@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Dec 7, 2024
@mergify mergify bot requested a review from a team as a code owner December 7, 2024 01:14
@mergify mergify bot requested a review from pkoutsovasilis December 7, 2024 01:14
@mergify mergify bot requested a review from swiatekm December 7, 2024 01:14
Copy link
Contributor Author

mergify bot commented Dec 7, 2024

Cherry-pick of d0993e8 has failed:

On branch mergify/bp/8.17/pr-4182
Your branch is up to date with 'origin/8.17'.

You are currently cherry-picking commit d0993e86.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   internal/pkg/config/config_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   internal/pkg/config/config.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

Copy link
Contributor Author

mergify bot commented Dec 9, 2024

This pull request has not been merged yet. Could you please review and merge it @michel-laterman? 🙏

@pkoutsovasilis
Copy link

@michel-laterman just cc'ing for the CI failures 🙂

@michel-laterman michel-laterman merged commit d05ee7b into 8.17 Dec 10, 2024
8 checks passed
@michel-laterman michel-laterman deleted the mergify/bp/8.17/pr-4182 branch December 10, 2024 17:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport conflicts There is a conflict in the backported pull request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants