In cases where a database is used for session storage, redact the session_provider config value. I assumed "@" as the marker for a database vs file/memory.
@@ -17,7 +17,7 @@ func AdminGetSettings(c *middleware.Context) {
for _, key := range section.Keys() {
keyName := key.Name()
value := key.Value()
- if strings.Contains(keyName, "secret") || strings.Contains(keyName, "password") {
+ if strings.Contains(keyName, "secret") || strings.Contains(keyName, "password") || (strings.Contains(keyName, "provider_config") && strings.Contains(value, "@")) {
value = "************"
}
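Review bot: The `strings.Contains(value, "@")` test in the added condition decides whether a `provider_config` value is masked, so a connection string that carries credentials without an `@` (for example a key/value form with a `password=` field) would still be returned in clear text by this settings handler. A missed match leaks a credential while a false match only hides a file path, so I would mask the value whenever the key matches: `|| strings.Contains(keyName, "provider_config") {`. The match on `keyName` is also case-sensitive, like the existing `secret`/`password` checks; if key names can appear in mixed case, compare against `strings.ToLower(keyName)`. The loop and `AdminGetSettings` continue outside the hunk, so how `value` is used afterwards is not visible here.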