datadog-agent icon indicating copy to clipboard operation
datadog-agent copied to clipboard
verified publisher icon DataDog

Do not scrub entirely api key when used in secrets

Open pgimalac opened this issue 1 year ago • 0 comments

What does this PR do?

Avoid scrubbing entirely the API and APP keys (we want to keep the last characters so that they are identifiable).

Motivation

When some config key is obtained from a secret, it is added to the scrubber rules so that it is known as a secret. The added rule entirely scrubs out the secret, overwriting any default scrubbing. For API and APP keys though, we want to keep the last characters so that they can be identified.

Additional Notes

Could not find a proper way to implement it without just refactoring the whole scrubber. Hardcoding the exception for api_key and app_key was the easiest workaround.

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Covered by unit tests.

pgimalac avatar Mar 05 '24 17:03 pgimalac