Do not log signature-provider private keys #154
Conversation
jglanz
left a comment
jglanz
left a comment
There was a problem hiding this comment.
Should we move all of this to fc::log for reusability? Also, as we have the key prefixes available, should this be 1 large or several small regex patterns. Potentially part of a storage shim could be a std::regex exp_key_string_pattern?
I'm fine approving this as is, but want to get your perspective on the above first
| auto mask_private = [](const string& v) -> std::string { | ||
| if (auto parts = fc::split(v, ','); parts.size() > 1) { | ||
| return std::accumulate(std::next(parts.begin()), std::prev(parts.end()), parts[0], | ||
| [](const string& acc, const string& part) { return acc + "," + part; }) + ",***"; | ||
| } | ||
| return "***"s; | ||
| }; |
There was a problem hiding this comment.
Should we move all of this to fc::log for reusability? Also, as we have the key prefixes available, should this be 1 large or several small regex patterns. Potentially part of a storage shim could be a std::regex exp_key_string_pattern?
There was a problem hiding this comment.
We could move it to fc::log. To do so would require a key pattern, as you suggest, to make it generic. Since this is currently only used here I don't see the point.
Mask private keys in logging of
signature-provider.