Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VAULT-5935 agent: redact renew-self if using auto auth #15380

Merged
merged 1 commit into from May 12, 2022
Merged

VAULT-5935 agent: redact renew-self if using auto auth #15380

merged 1 commit into from May 12, 2022

Commits on May 11, 2022

  1. VAULT-5935 agent: redact renew-self if using auto auth 

    Vault agent redacts the token and accessor for `/auth/token/lookup-self` (and `lookup`)
if the token is the auto auth token to prevent it from leaking.

Similarly, we need to redact the token and accessor from `renew-self`
and `renew`, which also leak the token and accessor.

I tested this locally by starting up a Vault agent and querying the
agent endpoints, and ensuring that the accessor and token were set to
the empty string in the response.
    Christopher Swenson committed May 11, 2022
    Copy the full SHA
    5bce0cb View commit details
    Browse the repository at this point in the history