fix: mask sensetive data in debug output

Signed-off-by: Yaroslav Pershin <[email protected]>

Author: iapershin

server/path_configure.go

@@ -2,6 +2,7 @@ package server
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 
 	"github.com/fatih/structs"
@@ -216,3 +217,29 @@ func putConfiguration(ctx context.Context, storage logical.Storage, config *conf
 func deleteConfiguration(ctx context.Context, storage logical.Storage) error {
 	return storage.Delete(ctx, storageKeyConfiguration)
 }
+
+func (c *configuration) maskConfigSensetiveDataForDebug() (string, error) {
+	jsonData, err := json.Marshal(c)
+	if err != nil {
+		return "", err
+	}
+
+	var configMap map[string]interface{}
+	if err := json.Unmarshal(jsonData, &configMap); err != nil {
+		return "", err
+	}
+
+	sensitiveKeys := []string{"s3_secret_access_key", "s3_access_key_id"}
+	for _, key := range sensitiveKeys {
+		if _, exists := configMap[key]; exists {
+			configMap[key] = "******"
+		}
+	}
+
+	maskedJSON, err := json.MarshalIndent(configMap, "", "  ")
+	if err != nil {
+		return "", err
+	}
+
+	return string(maskedJSON), nil
+}

server/periodic.go

@@ -2,7 +2,6 @@ package server
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"strconv"
 	"time"
@@ -55,8 +54,8 @@ func (b *Backend) Periodic(ctx context.Context, req *logical.Request) error {
 	}
 
 	{
-		cfgData, err := json.MarshalIndent(config, "", "  ")
-		b.Logger().Debug(fmt.Sprintf("Got configuration (err=%v):\n%s", err, string(cfgData)))
+		cfgData, err := config.maskConfigSensetiveDataForDebug()
+		b.Logger().Debug(fmt.Sprintf("Got configuration (err=%v):\n%s", err, cfgData))
 	}
 
 	opts := config.RepositoryOptions()