node-convict
node-convict copied to clipboard
.get() could optionally redact sensitive configs
The sensitive
property is nice.
However, at the moment it only gets used when you call .toString()
on the entire schema.
It would be really nice if I could optionally redact on .get()
:
console.log(config.get('password')) // "hunter2"
console.log(config.get('password', true)) // "[Sensitive]"
or otherwise expose the sensitivity of a cvar somehow, so I can check whether the configuration variable is sensitive prior to disclosure to a user.
:+1: for this functionality
If you add "[Sensitive]"
on get
, this should be also on getProperties
. Or: if (config.getSchema().password.sensitive) {}
console.log on the entire instance also exposes values, also JSON.stringify(instance) be nice if this wasn't the case.
Recently ran into this issue where a config was logged with secrets included in prod and came up with a solution to this here. Leaving this mini npm package here in case anyone finds it useful