Change key config to `Password` type.
mashhurs opened this issue · 0 comments
mashhurs commented
Issue description
When --debug
is enabled, there might be a key leak in the debug log in Logstash-code.
How to reproduce?
# config
Config:
input {
stdin {}
}
filter {
fingerprint {
key => "super-secret"
}
}
output {
stdout {
codec => rubydebug
}
}
# Log before change
[2022-12-05T11:15:06,403][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"fingerprint", :type=>"filter", :class=>LogStash::Filters::Fingerprint}
[2022-12-05T11:15:06,406][DEBUG][logstash.filters.fingerprint] config LogStash::Filters::Fingerprint/@key = "super-secret"