This is an automated email from the ASF dual-hosted git repository.

wave pushed a commit to branch redaction-of-sensitive-configuration
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git

commit a9d56ecb9538398d60327af2f938dd4724c70dcc
Author: Dave Fisher <[email protected]>
AuthorDate: Thu Feb 19 10:08:01 2026 -0800

    Redact sensitive configurations
---
 atr/admin/__init__.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/atr/admin/__init__.py b/atr/admin/__init__.py
index 72b0d8f0..3fd943d5 100644
--- a/atr/admin/__init__.py
+++ b/atr/admin/__init__.py
@@ -171,6 +171,8 @@ async def browse_as_post(session: web.Committer, 
browse_form: BrowseAsUserForm)
 async def configuration(session: web.Committer) -> web.QuartResponse:
     """Display the current application configuration values."""
 
+    sensitive_config_patterns = ("_PASSWORD", "_KEY", "_TOKEN", "_SECRET")
+
     conf = config.get()
     values: list[str] = []
     for name in dir(conf):
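Review bot: `sensitive_config_patterns` holds plain substrings rather than patterns, and the tuple is rebuilt on every request to this handler; a module-level constant with a comment stating the matching rule would make the redaction policy easier to find and audit. For example `_SENSITIVE_CONFIG_MARKERS = ("_PASSWORD", "_KEY", "_TOKEN", "_SECRET")` preceded by `# Substrings that mark a config attribute as secret; matched case-sensitively anywhere in the name.`. The body of configuration() continues outside this hunk.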
@@ -180,7 +182,7 @@ async def configuration(session: web.Committer) -> 
web.QuartResponse:
             val = getattr(conf, name)
         except Exception as exc:
             val = log.python_repr(f"error: {exc}")
-        if name.endswith("_PASSWORD"):
+        if any(pattern in name for pattern in sensitive_config_patterns):
             val = log.python_repr("redacted")
         if callable(val):
             continue
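Review bot: The new test `any(pattern in name for pattern in sensitive_config_patterns)` is a case-sensitive denylist keyed only on the attribute name, so any secret-bearing setting whose name lacks those four markers is still rendered in full on the admin page. Examples would be a connection URL or DSN with embedded credentials, or a name ending in something like `_CREDENTIALS` or `_PASSPHRASE`. The attributes the config class actually defines are not visible here, so this needs checking against it. An explicit allowlist of names that are safe to display would fail closed when a new secret is added. At minimum the comparison should be case-insensitive: `if any(marker in name.upper() for marker in sensitive_config_patterns):`.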

