datadog-agent
datadog-agent copied to clipboard
Do not scrub entirely api key when used in secrets
What does this PR do?
Avoid scrubbing entirely the API and APP keys (we want to keep the last characters so that they are identifiable).
Motivation
When some config key is obtained from a secret, it is added to the scrubber rules so that it is known as a secret. The added rule entirely scrubs out the secret, overwriting any default scrubbing. For API and APP keys though, we want to keep the last characters so that they can be identified.
Additional Notes
Could not find a proper way to implement it without just refactoring the whole scrubber.
Hardcoding the exception for api_key and app_key was the easiest workaround.
Possible Drawbacks / Trade-offs
Describe how to test/QA your changes
Covered by unit tests.