Adding additional filtering options for URLs in logs

Open pr0ton11 opened this issue 4 years ago • 2 comments

What would you like to be added

In src/app/backend/handler/filter.go, the function checkSensitiveURL() checks for sensitive URLs and filters log entries potentially exposing secrets to the log.

This function could be extended by adding URLs for Kubernetes secrets, or even filtering for potential password fields.

  • /api/v1/_raw/secrets
  • filtering (for example with a regex) for exposed password fields

Why is this needed

In our use case, the dashboard exposes secrets (passwords, API keys) of user applications in the log files in plain text, because the full PUT request (all JSON) is logged.

Comments

pr0ton11 Oct 29 '20 10:10

Or an option to not log any body payload would be very useful.

flarno11 Oct 30 '20 07:10

/reopen /lifecycle frozen

floreks Mar 29 '21 11:03
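
An added example, not part of the issue thread and not the dashboard's own code: one way a request logger could combine the URL filter, the field-name regex and the no-body option discussed above. The function names, the patterns and the sample request are assumptions made for this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Hypothetical patterns for this sketch; extend them for your own API surface.
var sensitivePath = regexp.MustCompile(`^/api/v1/_raw/secrets(/|$)`)
var sensitiveKey = regexp.MustCompile(`(?i)pass(word|wd)?|secret|token|api[_-]?key`)

const redacted = "[REDACTED]"

// maskFields masks values under sensitive keys, and the "value" of name/value pairs whose name looks sensitive.
func maskFields(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		name, _ := t["name"].(string)
		for k, val := range t {
			if sensitiveKey.MatchString(k) || (k == "value" && sensitiveKey.MatchString(name)) {
				t[k] = redacted
			} else {
				t[k] = maskFields(val)
			}
		}
	case []interface{}:
		for i := range t {
			t[i] = maskFields(t[i])
		}
	}
	return v
}

// SanitizeBody returns the only text a request logger should write for a body.
func SanitizeBody(path string, body []byte, logBodies bool) string {
	var doc interface{}
	// Fail closed: no body when logging is off, the URL is sensitive, or the payload is not JSON.
	if !logBodies || sensitivePath.MatchString(path) || json.Unmarshal(body, &doc) != nil {
		return redacted
	}
	out, _ := json.Marshal(maskFields(doc))
	return string(out)
}

func main() {
	// Constructed sample request, not captured from a real cluster.
	body := []byte(`{"kind":"Deployment","env":[{"name":"DB_PASSWORD","value":"hunter2"}]}`)
	fmt.Println(SanitizeBody("/api/v1/_raw/deployment/namespace/default/name/web", body, true))
}
```

Matching on key names alone would miss container environment variables, where the secret sits under a generic "value" key next to a telling "name"; the sketch covers that pairing, but a regex list remains best effort, which is why the URL filter and the switch to drop bodies entirely stay in front of it.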