
Redact multiline secrets

Open rwberendsen opened this issue 11 months ago • 0 comments

Problem

When given a multi-line secret in the schemachange-config YAML, it would not be redacted, because just before calling SecretManager.global_redact, the config vars section would be serialised as YAML, adding leading whitespace to the multiline secret.

Proposed solution

Recurse over the config vars section, and redact all strings in it, and only then serialise as YAML. When redacting multiline secrets, preserve newlines.

Minor edits added in

  • The method that was extracting secrets would crash if the value was of a type that did not have the strip() method. Added an explicit raise of a ValueError if a secret is not of type str.
  • Added tests for added functionality.

Notes

For redacting in SQL queries nothing was changed, as indenting while rendering Jinja templates is under control of the user of schemachange.

rwberendsen, Mar 20 '24 09:03
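The ordering problem described in the post, as an added example that is not schemachange's code or the author's patch: serialising before redacting leaves a multi-line secret in the output, while redacting the tree first masks it and keeps the line breaks. Assumptions: all function names are hypothetical, secrets are taken to be values under any key containing "secret", `dump` is a small stand-in for a YAML dumper's indented block scalars, and the sample values are constructed.

```python
import textwrap

def collect_secrets(node, under_secret_key=False):
    """Gather secret strings; assumed rule: a key containing 'secret' marks its subtree."""
    if isinstance(node, dict):
        found = set()
        for key, value in node.items():
            found |= collect_secrets(value, under_secret_key or "secret" in str(key).lower())
        return found
    if not under_secret_key:
        return set()
    if not isinstance(node, str):  # fail loudly instead of crashing on .strip()
        raise ValueError(f"secret must be a str, got {type(node).__name__}")
    return {node.strip()} if node.strip() else set()

def redact(text, secrets):
    """Mask each secret with asterisks line by line, so newlines are preserved."""
    for secret in sorted(secrets, key=len, reverse=True):
        mask = "\n".join("*" * len(line) for line in secret.split("\n"))
        text = text.replace(secret, mask)
    return text

def redact_tree(node, secrets):
    """Recurse over the vars section and redact every string leaf."""
    if isinstance(node, str):
        return redact(node, secrets)
    if isinstance(node, dict):
        return {key: redact_tree(value, secrets) for key, value in node.items()}
    if isinstance(node, (list, tuple)):
        return [redact_tree(value, secrets) for value in node]
    return node  # numbers, booleans, None carry nothing to redact

def dump(node, indent=""):
    """Stand-in for a YAML dumper: multi-line strings become indented block scalars."""
    lines = []
    for key, value in node.items():
        if isinstance(value, dict):
            lines.append(f"{indent}{key}:\n{dump(value, indent + '  ')}")
        elif isinstance(value, str) and "\n" in value:
            lines.append(f"{indent}{key}: |\n{textwrap.indent(value, indent + '  ')}")
        else:
            lines.append(f"{indent}{key}: {value}")
    return "\n".join(lines)

# Constructed sample config vars with a two-line secret.
CONFIG_VARS = {"schema": "demo", "secrets": {"deploy_key": "line-one\nline-two"}}
SECRETS = collect_secrets(CONFIG_VARS)
NAIVE = redact(dump(CONFIG_VARS), SECRETS)      # serialise, then redact: secret survives
SAFE = dump(redact_tree(CONFIG_VARS, SECRETS))  # redact, then serialise: secret masked
```

In `NAIVE` the indentation inserted after the newline means the secret is no longer a substring of the serialised text, so the replace finds nothing to mask.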