New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mask sensitive values #602
Comments
toString()
ing config or using config.util.toObject()
@matthewadams Can you say more about your threat model you have in mind where this change makes a meaningful difference in security? In the example you gave about, the database password is in plain text in a test script. Do you have an environment where the people who have access to the test output are different that the people who have access to the tests? In my experience this always been the same group of people. Also, doesn't it reduce security to duplicate the storage of sensitive database passwords in the system just to check to see if the live database passwords match? In our system, most developers who access to the test suite don't have access to the production database password at all because they don't need it. In your model, how are your database passwords secured before they get into the config system? |
I can attest to the value of having a generic toObject() mask sensitive values. In our production environment we log the end state of merging, and we don't want sensitive values indexed by our log indexer, for all to see. We do this masking in our logging library, but I can see a value of it in the config library - so all general purpose output of configs have these masks. |
@markstos, what @lorenwest said. This feature request aims to prevent the mindless, boneheaded propensity that some developers have to just I'd rather just opt in to the new feature via |
After reading the feedback, this proposal seems sounds if someone wants to implement it. |
https://stackoverflow.com/search?q=%5Bnode-config%5D+mask yields no results as of this writing.
https://github.com/lorenwest/node-config/issues?q=is%3Aissue+mask yields two irrelevant results as of this writing.
I'm submitting a ...
What is the current behavior?
What is the expected behavior?
config
should mask with***
by default any values deemed "sensitive". The question is, what's the mechanism by which a user indicates toconfig
that a value is "sensitive"?I'm thinking that
config
could support another config file with a fixed name, similar tocustom-environment-variables.json
, that would allow a user to specify those values that are sensitive and should be masked when retrieved, unless explicitly retrieved unmasked.In order to preserve backward compatibility, a new environment variable called
NODE_CONFIG_MASK_SENSITIVES
could be supported, similar to those at https://github.com/lorenwest/node-config/wiki/Environment-Variables. If set, the behavior would cause sensitive values to be masked. It would default to unset, of course.Example:
custom-environment-variables.json
:sensitive-variables.json
:default.json
:Test code demonstrating requirements:
Please tell us about your environment:
3.3.1
v12.14.0
Other information
n/a
The text was updated successfully, but these errors were encountered: