Remove secrets from settings API endpoint #479

josecelano · 2024-02-09T11:03:10Z

These fields:

data.tracker.token
data.database.connect_url
data.mail.password
data.auth.secret_key

are replaced with asterisks. Final output:

{
  "log_level": "info",
  "website": {
    "name": "Torrust"
  },
  "tracker": {
    "url": "udp://localhost:6969",
    "mode": "Public",
    "api_url": "http://localhost:1212",
    "token": "***",
    "token_valid_seconds": 7257600
  },
  "net": {
    "port": 3001,
    "base_url": null
  },
  "auth": {
    "email_on_signup": "Optional",
    "min_password_length": 6,
    "max_password_length": 64,
    "secret_key": "***"
  },
  "database": {
    "connect_url": "***"
  },
  "mail": {
    "email_verification_enabled": false,
    "from": "example@email.com",
    "reply_to": "noreply@email.com",
    "username": "",
    "password": "***",
    "server": "",
    "port": 25
  },
  "image_cache": {
    "max_request_timeout_ms": 1000,
    "capacity": 128000000,
    "entry_size_limit": 4000000,
    "user_quota_period_seconds": 3600,
    "user_quota_bytes": 64000000
  },
  "api": {
    "default_torrent_page_size": 10,
    "max_torrent_page_size": 30
  },
  "tracker_statistics_importer": {
    "torrent_info_update_interval": 3600,
    "port": 3002
  }
}

These fields: - data.tracker.token - data.database.connect_url - data.mail.password - data.auth.secret_key are replaced with asterisks.

josecelano · 2024-02-09T11:57:45Z

ACK e341e98

josecelano had a problem deploying to coverage February 9, 2024 11:03 — with GitHub Actions Failure

josecelano added the Security Publicly Connected to Security label Feb 9, 2024

josecelano added this to the v3.0.0 milestone Feb 9, 2024

josecelano linked an issue Feb 9, 2024 that may be closed by this pull request

Remove secrets from API config endpoint? #424

Closed

josecelano self-assigned this Feb 9, 2024

josecelano requested review from da2ce7 and mickvandijke February 9, 2024 11:03

josecelano force-pushed the 424-remove-secrets-from-api-config-endpoint branch from a4ff205 to e108532 Compare February 9, 2024 11:38

josecelano temporarily deployed to coverage February 9, 2024 11:38 — with GitHub Actions Inactive

feat: [torrust#424] remove secrets from settings API endpoint

e341e98

These fields: - data.tracker.token - data.database.connect_url - data.mail.password - data.auth.secret_key are replaced with asterisks.

josecelano force-pushed the 424-remove-secrets-from-api-config-endpoint branch from e108532 to e341e98 Compare February 9, 2024 11:57

josecelano temporarily deployed to coverage February 9, 2024 11:57 — with GitHub Actions Inactive

josecelano merged commit 286d9cf into torrust:develop Feb 9, 2024
11 of 13 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove secrets from settings API endpoint #479

Remove secrets from settings API endpoint #479

josecelano commented Feb 9, 2024 •

edited

Loading

josecelano commented Feb 9, 2024

Remove secrets from settings API endpoint #479

Remove secrets from settings API endpoint #479

Conversation

josecelano commented Feb 9, 2024 • edited Loading

josecelano commented Feb 9, 2024

josecelano commented Feb 9, 2024 •

edited

Loading