On Thu, 26 Feb 2026 14:25:37 GMT, r1viollet <[email protected]> wrote:
>> Erik Gahlin has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Only use ' ' as a delimiter for Java arguments
>
> src/hotspot/share/jfr/periodic/jfrRedactedEvents.cpp line 118:
>
>> 116: }
>> 117:
>> 118: void JfrRedactedEvents::add_default_filters(StringArray* target, bool
>> argument) {
>
> I do not think there is a risk in adding more considering you added a
> mechanism to override these defaults.
> - certificates or even paths to certificates are not something we want to
> capture: `cert`
> - signing keys or anything containing signing: `signing`
> - encryption strings: `encryption`
> - access is also used to describe some secrets: `access`
> - Jason web tokens: `jwt`
> - <optional> bearer might be interesting to add, though it is associated to
> token, so we should be already covered.
Thanks for the feedback!
I'm reluctant to add `*access*` due JVM option `--illegal-access` which could
be useful for troubleshooting. Maybe the default can be qualified, e.g.
`redact-key=*access*key*?`
Bearer can be skipped when we have `*token*`. Jason web tokens makes sense to
add.
Do you have examples of the others (signing, encryption and cert), do we need
it for keys or argument? Does it need to be qualified?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29736#discussion_r3235019464
