From 3aa57c2f573227a4adc5c28d48861cbeb4018a1e Mon Sep 17 00:00:00 2001 From: Oleksii Syniakov <1282756+osyniakov@users.noreply.github.com> Date: Wed, 4 Mar 2026 12:01:52 +0100 Subject: [PATCH] Redact sensitive information in developer API debug output. Closes #6132 --- .../quickwit-serve/src/developer_api/server.rs | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/quickwit/quickwit-serve/src/developer_api/server.rs b/quickwit/quickwit-serve/src/developer_api/server.rs index 3c8a0dd0982..680953f0509 100644 --- a/quickwit/quickwit-serve/src/developer_api/server.rs +++ b/quickwit/quickwit-serve/src/developer_api/server.rs @@ -76,10 +76,14 @@ impl DeveloperService for DeveloperApiServer { let cluster_snapshot = self.cluster.snapshot().await; + // We must redact sensitive information such as credentials. + let mut node_config = (*self.node_config).clone(); + node_config.redact(); + let mut debug_info = json!({ "build_info": BuildInfo::get(), "runtime_info": RuntimeInfo::get(), - "node_config": self.node_config, + "node_config": node_config, "cluster_membership_info": json!({ "ready_nodes": cluster_snapshot.ready_nodes, "live_nodes": cluster_snapshot.live_nodes, @@ -137,7 +141,10 @@ mod tests { .await .unwrap(); - let node_config = Arc::new(NodeConfig::for_test()); + let mut node_config = NodeConfig::for_test(); + node_config.metastore_uri = + quickwit_common::uri::Uri::for_test("postgresql://username:password@db"); + let node_config = Arc::new(node_config); let developer_api_server = DeveloperApiServer { node_config, @@ -155,6 +162,11 @@ mod tests { assert!(debug_info["node_config"].is_object()); assert!(debug_info["cluster_membership_info"].is_object()); + assert_eq!( + debug_info["node_config"]["metastore_uri"], + "postgresql://username:***redacted***@db" + ); + // TODO: Test control plane and ingester debug info. } }