Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redact tokens from --debug log #17625

Closed
jiasli opened this issue Apr 9, 2021 · 1 comment · Fixed by #17671
Closed

Redact tokens from --debug log #17625

jiasli opened this issue Apr 9, 2021 · 1 comment · Fixed by #17671
Assignees
@jiasli
Labels
Core CLI core infrastructure feature-request
Milestone
S187

Comments

@jiasli
Copy link
Member

jiasli commented Apr 9, 2021
edited
Loading

Context

  1. Starting from azure-core 1.13.0, Authorization header is now exposed in DEBUG log (Make NetworkTraceLoggingPolicy show the auth token in plain text azure-sdk-for-python#17424).
  2. Python SDK decided not to redact x-ms-authorization-auxiliary header (x-ms-authorization-auxiliary header should be redacted azure-sdk-for-python#17271).

Before bumping azure-core to 1.13.0, Azure CLI must adapt to azure-core's new behavior.

Proposed solutions

For tokens in Authorization and x-ms-authorization-auxiliary:

  1. Keep the current behavior and redact tokens.
  2. Expose tokens in --debug mode like the new NetworkTraceLoggingPolicy.
    1. Unconditionally do so, but redact tokens in --verbose.
    2. Make a config like az config set logging.show_tokens=True.
@ghost ghost added the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Apr 9, 2021
@yonzhan yonzhan added the Core CLI core infrastructure label Apr 9, 2021
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Apr 9, 2021
@yonzhan yonzhan added feature-request needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Apr 9, 2021
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Apr 9, 2021
@yonzhan yonzhan modified the milestones: S186, S187 Apr 9, 2021
@yonzhan
Copy link
Collaborator

yonzhan commented Apr 9, 2021

Core

This was referenced Apr 9, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
Core CLI core infrastructure feature-request
Projects
None yet
Milestone
S187
Development

Successfully merging a pull request may close this issue.

{Logging} Redact token headers from SDK HTTP log jiasli/azure-cli
2 participants
@jiasli @yonzhan