AlinsRan opened a new pull request, #13347:
URL: https://github.com/apache/apisix/pull/13347

   ## Summary
   
   The `data-mask` plugin masks sensitive fields in request data (query parameters, headers, and request body) before they appear in access logs or logger plugin outputs. This protects sensitive information such as passwords, tokens, and API keys from being logged.
   
   ## Features
   
   - **Three masking actions**: `remove` (delete the field), `replace` (substitute with a fixed value), `regex` (apply a regex substitution)
   - **Three field types**: `query` (URL query parameters), `header` (HTTP headers), `body` (request body)
   - **Body formats**: `json` (supports JSONPath expressions for nested fields) and `urlencoded`
   - Configurable body size limit and max form field count
   
   ## Example
   
   ```shell
   admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
   
   curl http://127.0.0.1:9180/apisix/admin/routes/1 -X PUT \
     -H "X-API-KEY: ${admin_key}" \
     -d '{
       "uri": "/api",
       "plugins": {
         "data-mask": {
           "request": [
             { "type": "query", "name": "password", "action": "remove" },
             { "type": "query", "name": "token", "action": "replace", "value": "*****" }
           ]
         },
         "http-logger": {
           "uri": "http://127.0.0.1:9090/log"
         }
       },
       "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:1980": 1 } }
     }'
   ```
   
   A request to `/api?password=secret&token=abc123` will be logged with the password removed and the token replaced by `*****`.


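A small Python model of the `remove`, `replace` and `regex` actions applied to query parameters, added here as an illustration and not the plugin's code from the pull request. The `regex` key, the `card` parameter, the function names and the sample request are assumptions, since the description only shows the first two rules.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Rules in the shape used by the route example in the description. The "regex"
# key on the third rule is an assumed field name, not taken from the page.
RULES = [
    {"type": "query", "name": "password", "action": "remove"},
    {"type": "query", "name": "token", "action": "replace", "value": "*****"},
    {"type": "query", "name": "card", "action": "regex",
     "regex": r"\d{12}(\d{4})", "value": r"************\1"},
]


def mask_query(uri, rules):
    """Return uri with its query parameters masked according to rules."""
    parts = urlsplit(uri)
    by_name = {r["name"]: r for r in rules if r["type"] == "query"}
    masked = []
    # keep_blank_values so an empty secret parameter is still seen and handled
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        rule = by_name.get(name)
        if rule is None:
            masked.append((name, value))
        elif rule["action"] == "remove":
            continue
        elif rule["action"] == "replace":
            masked.append((name, rule["value"]))
        elif rule["action"] == "regex":
            masked.append((name, re.sub(rule["regex"], rule["value"], value)))
        else:
            raise ValueError(f"unknown action: {rule['action']}")
    # safe="*" keeps the mask readable instead of percent-encoding it
    return urlunsplit(parts._replace(query=urlencode(masked, safe="*")))


def leaked(log_line, secrets):
    """Return the secrets that still appear verbatim in a log line."""
    return [s for s in secrets if s in log_line]


if __name__ == "__main__":
    # Constructed request: 'token' is repeated so every occurrence must be masked.
    uri = ("/api?password=secret&token=abc123&user=bob"
           "&token=def456&card=4111111111111111")
    print(mask_query(uri, RULES))
```

Running `leaked` over the masked line with the original secret values gives a quick regression check that a rule set covers every parameter it is meant to.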