Redact sensitive information in developer API debug output. Closes #6132 #6191

Merged
guilload merged 3 commits into quickwit-oss:main from osyniakov:fix/mask-sensitive-credentials-in-developer-api
Mar 5, 2026

@osyniakov
Contributor

Description

This PR fixes issue #6132 by redacting sensitive data on the developer debug API endpoint (/api/developer/debug).
Previously, the endpoint returned the full node config (including metastore connection strings with credentials, S3 secret keys, Azure access keys, etc.) in plain text. The same redaction logic used for the node config REST endpoint (/api/v1/config) is now applied here.

How was this PR tested?

Unit test.
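
A sketch of the kind of redaction the description refers to, as an added example that is not code from this PR or from Quickwit: the `NodeConfig` struct, its field names, `redact_uri` and the sample values are all hypothetical. It masks the password in a connection URI and any secret key fields on a copy of the config, so a debug handler serializes the copy and never the original.

```rust
// Added illustration: types and field names are hypothetical, not Quickwit's.
const REDACTED: &str = "***redacted***";

#[derive(Clone, Debug)]
struct NodeConfig {
    node_id: String,
    metastore_uri: String,
    s3_secret_access_key: Option<String>,
    azure_access_key: Option<String>,
}

/// Masks the password in `scheme://user:password@host/...`.
fn redact_uri(uri: &str) -> String {
    let Some(scheme_end) = uri.find("://") else { return uri.to_string() };
    let (prefix, rest) = uri.split_at(scheme_end + 3);
    // The authority ends at the first '/', '?' or '#'.
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let Some(at) = rest[..end].rfind('@') else {
        // An '@' past the authority may be an unencoded password: fail closed.
        return if rest.contains('@') { REDACTED.to_string() } else { uri.to_string() };
    };
    match rest[..at].split_once(':') {
        Some((user, _password)) => format!("{}{}:{}{}", prefix, user, REDACTED, &rest[at..]),
        None => uri.to_string(), // user name only, nothing to hide
    }
}

impl NodeConfig {
    /// Returns a copy that is safe to serialize on a debug endpoint.
    fn redacted(&self) -> NodeConfig {
        let mask = |s: &Option<String>| s.as_ref().map(|_| REDACTED.to_string());
        NodeConfig {
            metastore_uri: redact_uri(&self.metastore_uri),
            s3_secret_access_key: mask(&self.s3_secret_access_key),
            azure_access_key: mask(&self.azure_access_key),
            ..self.clone()
        }
    }
}

fn sample_config() -> NodeConfig { // constructed sample values, not real credentials
    NodeConfig {
        node_id: "node-1".into(),
        metastore_uri: "postgres://qw:s3cr3t@db.example.internal:5432/metastore".into(),
        s3_secret_access_key: Some("example-secret".into()),
        azure_access_key: None,
    }
}

fn main() { println!("{:#?}", sample_config().redacted()); }
```

A unit test for this kind of change can assert that the serialized output contains none of the original secret values, which catches new secret-bearing fields that bypass the redaction step.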

@osyniakov
Contributor Author

@guilload would you have time to review? Quick security hardening for the debug API.

@guilload
Member

guilload commented Mar 4, 2026

Awesome, thanks @osyniakov

@osyniakov
Contributor Author

osyniakov commented Mar 5, 2026

@guilload thanks for the quick review. Could you merge when you have a moment? I don't have merge rights. The branch is updated from main.

@guilload guilload merged commit c0bb6b5 into quickwit-oss:main Mar 5, 2026
4 checks passed