Kingdom logs Expose MC API Key
Opened this issue · 1 comments
mariolamassaavedra commented
Describe the bug
When the Reporting server calls the Kingdom, the logs in the v2alpha-public-api-server-deployment print the MC's API Key which should be known only to the MC and the Reporting Server. The key is shown on the x-api-key value of the calls to the Kingdom
Steps to reproduce
- Call ListEventGroups method on the reporting server
- Locate the call in the v2alpha-public-api-server-deployment logs where the API key is printed
Component(s) affected
Kingdom - v2alpha-public-api-server-deployment
Version
0.4.2
Environment
Origin's To-be-Prod
Additional context
SanjayVas commented
Need to investigate whether this is only when verbose debug logging is enabled. We likely still don't want it to be logged even then, but at least it would mean that it's not logged in the production configuration.