shreemaan-abhishek opened a new pull request, #13389: URL: https://github.com/apache/apisix/pull/13389
### Description

The Redis-backed session storage introduced in 3.16.0 added a `session.redis.password` field on the `openid-connect` plugin schema. Unlike `client_secret`, this field was not part of `encrypt_fields`, so the Redis password was persisted in plaintext in etcd. That value is also visible in etcd backups, snapshots, and diagnostic exports.

This PR brings `session.redis.password` under the same data-encryption path that already covers `client_secret` and `client_rsa_private_key`. No schema or API surface changes are required, only the encryption metadata.

### Type of change

- [x] Bug fix (non-breaking change which fixes an issue)

### Changes

- `apisix/plugins/openid-connect.lua`: add `"session.redis.password"` to `encrypt_fields`.
- `t/plugin/openid-connect2.t`: new TEST 21 that creates a route with `session.storage = "redis"` and a Redis password, then asserts the value round-trips plaintext through the Admin API and is stored encrypted in etcd (parallel to the existing TEST 20 for `client_rsa_private_key`).

### Checklist

- [x] I have rebased to the latest master.
- [x] I have added tests to cover my changes.
- [ ] I have updated the documentation (no user-facing doc changes; the field is unchanged from the user's perspective).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
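An added example, not code from the PR or from APISIX: a small audit that walks `openid-connect` plugin configs as read back from etcd and flags the fields named above whose stored values still look like plaintext. It assumes stored ciphertext is base64 of block-aligned AES-CBC output; the helper names and the sample route values are constructed for illustration.

```python
import base64
import binascii

# Fields the PR description names as covered by encrypt_fields after the fix.
SENSITIVE_PATHS = ["client_secret", "client_rsa_private_key", "session.redis.password"]

def get_path(conf, dotted):
    """Walk a nested dict by dotted path; return None if any segment is missing."""
    node = conf
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def looks_encrypted(value):
    """Assumption: ciphertext is base64 of AES-CBC output, so it decodes to a
    non-empty multiple of 16 bytes. A heuristic, not proof of encryption."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 0 and len(raw) % 16 == 0

def audit_route(route):
    """Return the sensitive dotted paths whose stored value looks like plaintext."""
    conf = route.get("plugins", {}).get("openid-connect")
    if not isinstance(conf, dict):
        return []
    findings = []
    for path in SENSITIVE_PATHS:
        value = get_path(conf, path)
        if isinstance(value, str) and not looks_encrypted(value):
            findings.append(path)
    return findings

# Constructed sample values: a ciphertext-shaped string and two stored routes.
_CIPHERTEXT_LIKE = base64.b64encode(bytes(32)).decode()
STORED_BEFORE_FIX = {"plugins": {"openid-connect": {
    "client_secret": _CIPHERTEXT_LIKE,
    "session": {"storage": "redis", "redis": {"password": "redis-pass-123"}},
}}}
STORED_AFTER_FIX = {"plugins": {"openid-connect": {
    "client_secret": _CIPHERTEXT_LIKE,
    "session": {"storage": "redis", "redis": {"password": _CIPHERTEXT_LIKE}},
}}}

if __name__ == "__main__":
    print(audit_route(STORED_BEFORE_FIX))
    print(audit_route(STORED_AFTER_FIX))
```

The heuristic can miss a plaintext password that happens to be valid base64 of a 16-byte multiple (for example a 64-character hex string), so treat an empty result as "nothing obviously plaintext" rather than confirmation of encryption.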
