Redact access token before logging in setClientInfoProperty #1498
Open
sreekanth-db wants to merge 1 commit into
The token-rotation block now runs before the DEBUG log line, so the access token is masked to **** before it is logged. resetAccessToken still receives the real token.

Co-authored-by: Isaac
Signed-off-by: Sreekanth Vadigi <sreekanth.vadigi@databricks.com>
Summary
Reorders DatabricksSession.setClientInfoProperty so the access-token redaction happens before the DEBUG trace line, preventing the token value from being written to logs. The real token is still passed to resetAccessToken for rotation.
Changes
DatabricksSession: move the token-handling block above the LOGGER.debug call; the logged value is now masked to ****.
Testing
**** is logged instead).
Full detail tracked privately in the associated security ticket.
This pull request and its description were written by Isaac.
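The reordering described in the summary above, as an added sketch that is not the project's code or the diff from this pull request. The class name, the `access_token` property key, the `activeToken` field and the use of `java.util.logging` at `FINE` in place of the driver's `LOGGER.debug` are all assumptions made for illustration.

```java
import java.text.MessageFormat;
import java.util.*;
import java.util.logging.*;

public class RedactBeforeLogDemo {
    // Hypothetical property key; the driver's real key is not shown on this page.
    static final String TOKEN_KEY = "access_token";
    static final Logger LOGGER = Logger.getLogger("demo.session");
    String activeToken; // stands in for whatever state resetAccessToken updates

    void resetAccessToken(String token) { activeToken = token; }

    // "Before" ordering: the trace line runs first and sees the raw value.
    void setClientInfoPropertyLeaky(String name, String value) {
        LOGGER.log(Level.FINE, "setClientInfoProperty({0}, {1})", new Object[] {name, value});
        if (TOKEN_KEY.equals(name)) resetAccessToken(value);
    }

    // "After" ordering: rotate with the real token, then log only the mask.
    void setClientInfoPropertyRedacted(String name, String value) {
        String loggable = value;
        if (TOKEN_KEY.equals(name)) {
            resetAccessToken(value); // rotation still receives the real token
            loggable = "****";       // only the masked value reaches the logger
        }
        LOGGER.log(Level.FINE, "setClientInfoProperty({0}, {1})", new Object[] {name, loggable});
    }

    public static void main(String[] args) {
        List<String> lines = new ArrayList<>(); // captured log output
        LOGGER.setLevel(Level.FINE);
        LOGGER.setUseParentHandlers(false);
        LOGGER.addHandler(new Handler() {
            @Override public void publish(LogRecord r) {
                lines.add(MessageFormat.format(r.getMessage(), r.getParameters()));
            }
            @Override public void flush() {}
            @Override public void close() {}
        });
        String token = "constructed-sample-token"; // constructed value, not a real credential
        RedactBeforeLogDemo s = new RedactBeforeLogDemo();
        s.setClientInfoPropertyLeaky(TOKEN_KEY, token);
        s.setClientInfoPropertyRedacted(TOKEN_KEY, token);
        System.out.println("leaky log contains token:    " + lines.get(0).contains(token));
        System.out.println("redacted log contains token: " + lines.get(1).contains(token));
        System.out.println("rotation got real token:     " + token.equals(s.activeToken));
    }
}
```

Capturing log records in a handler and asserting that the raw token never appears is also a practical shape for a regression test on this kind of fix.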