SolarEdgeTech/pyctuator

Allow scrubbing of http trace request headers (e.g. authorization)

mxab opened this issue · 3 comments

mxab commented

Hi,
I noticed that the http traces contain all headers. I think this is problematic as they may contain sensitive data like authorization headers.

Would be great if we could provide some kind of regex similar to the environment var scrubbing that redacts some data.

This is a great idea.
Pyctuator already scrubs secrets from environment variables and configuration. It's a best-effort based on the name of the variable.
I think it should be easy to use the same scrubber for headers as well, I'm thinking about starting with scrubbing anything with "authorization" or "authentication".
Are there other interesting headers you had in mind?
Thanks,
Michael

mxab commented

@michaelyaakoby I started on that, see the PR. Let me know if there would be a better way.

Thanks @mxab, merged.
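
An added example, not pyctuator's code and not the merged PR: one way to apply the name-based, best-effort scrubbing discussed in this thread to traced headers. The function name, the mask string, and every header-name pattern beyond "authorization" and "authentication" are assumptions made for illustration.

```python
import re
from typing import Dict, Iterable, List, Mapping, Pattern, Union

# "authorization" and "authentication" come from the thread; the remaining
# alternatives (cookie, token, secret, api-key) are assumptions added here.
DEFAULT_SENSITIVE_NAMES = re.compile(
    r"authorization|authentication|cookie|token|secret|api[-_]?key",
    re.IGNORECASE,
)
MASK = "******"  # assumed mask string

HeaderValue = Union[str, Iterable[str]]


def scrub_headers(
    headers: Mapping[str, HeaderValue],
    pattern: Pattern[str] = DEFAULT_SENSITIVE_NAMES,
    mask: str = MASK,
) -> Dict[str, List[str]]:
    """Return a copy of `headers` with sensitive-named values masked.

    Matching is on the header *name* only (best effort), is case-insensitive,
    and uses search() so prefixed names such as Proxy-Authorization match too.
    Every value of a repeated header is masked; the input is left untouched.
    """
    scrubbed: Dict[str, List[str]] = {}
    for name, value in headers.items():
        # Normalise single-valued and multi-valued headers to a list.
        values = [value] if isinstance(value, str) else list(value)
        if pattern.search(name):
            values = [mask] * len(values)
        scrubbed[name] = values
    return scrubbed


if __name__ == "__main__":
    # Constructed sample headers, not taken from a real trace.
    sample = {
        "Host": ["example.internal"],
        "Authorization": ["Bearer constructed-sample-token"],
        "Proxy-Authorization": "Basic constructed-sample",
        "Set-Cookie": ["sid=constructed; HttpOnly", "csrf=constructed"],
        "X-Api-Key": ["constructed-key"],
    }
    for header_name, header_values in scrub_headers(sample).items():
        print(header_name, header_values)
```

Because matching is by name only, a secret carried in an unlisted header or in a URL query string is not caught; the pattern needs to cover any custom credential headers the application uses.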