node-convict

.get() could optionally redact sensitive configs

Open zuzak opened this issue 5 years ago • 4 comments

The sensitive property is nice. However, at the moment it only gets used when you call .toString() on the entire schema.

It would be really nice if I could optionally redact on .get():

console.log(config.get('password')) // "hunter2"
console.log(config.get('password', true)) // "[Sensitive]"

or otherwise expose the sensitivity of a cvar somehow, so I can check whether the configuration variable is sensitive prior to disclosure to a user.

zuzak, Aug 15 '19 12:08

:+1: for this functionality

madarche, Aug 15 '19 12:08

If you add "[Sensitive]" on get, this should also be on getProperties. Or: if (config.getSchema().password.sensitive) {}

A-312, Apr 11 '20 05:04

console.log on the entire instance also exposes values, as does JSON.stringify(instance). It would be nice if this wasn't the case.

BenPatterson2, Apr 14 '20 18:04

Recently ran into this issue, where a config was logged with secrets included in prod, and came up with a solution to this here. Leaving this mini npm package here in case anyone finds it useful.

austinwoon, Mar 25 '23 10:03
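
An added example, not from the thread and not convict's own code: a wrapper that redacts on read by default, exposes the sensitivity check requested above, and serializes safely through JSON.stringify. It works from the schema definition object you pass to convict() rather than from convict internals; `safeView`, `sensitivePaths`, `redact` and the stub config are hypothetical names, and treating a node with a `default` key as a property is an assumption about how the schema is written.

```javascript
// Added example; function names are hypothetical, not part of convict's API.
const MARKER = '[Sensitive]';

// A schema node with a `default` key is a property; other plain objects are nesting.
const isLeaf = (n) => n === null || typeof n !== 'object' || Array.isArray(n) || 'default' in n;

// Collect dotted paths of every property declared with `sensitive: true`.
function sensitivePaths(schema, prefix = '', out = new Set()) {
  for (const [key, node] of Object.entries(schema)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (!isLeaf(node)) sensitivePaths(node, path, out);
    else if (node && node.sensitive === true) out.add(path);
  }
  return out;
}

// Copy `value` (found at `path`), replacing sensitive leaves with the marker.
function redact(value, paths, path = '') {
  if (paths.has(path)) return MARKER;
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return value;
  const copy = {};
  for (const [key, child] of Object.entries(value)) {
    copy[key] = redact(child, paths, path ? `${path}.${key}` : key);
  }
  return copy;
}

// Wrap anything with get()/getProperties(); reads are redacted unless reveal is true.
function safeView(config, schema) {
  const paths = sensitivePaths(schema);
  return {
    isSensitive: (path) => paths.has(path),
    get: (path, reveal = false) => (reveal ? config.get(path) : redact(config.get(path), paths, path)),
    toJSON: () => redact(config.getProperties(), paths), // used by JSON.stringify
  };
}

// Constructed sample: a schema and a stub standing in for a loaded config instance.
const schema = {
  port: { default: 8080 },
  db: { host: { default: 'localhost' }, password: { default: '', sensitive: true } },
};
const values = { port: 8080, db: { host: 'localhost', password: 'hunter2' } };
const stub = {
  get: (p) => p.split('.').reduce((o, k) => o[k], values),
  getProperties: () => values,
};
const view = safeView(stub, schema);
console.log(view.get('db.password'), JSON.stringify(view));
```

Passing the wrapper to loggers and serializers, and keeping the raw instance out of their reach, means a parent lookup such as `view.get('db')` is redacted as well.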