fix: do not expose operator private key in logs or error messages (#59)

alejandroGM0 · web-flow · commit 5dec98bb551a · 2026-04-19T16:26:21.000+03:00
* fix: do not include operator private key in config error message

`parsePrivateKey` interpolated the raw key string into the
`IllegalArgumentException` message. That message is printed by Spring's
startup failure banner and ends up in container, CI and aggregated logs.
Drop the value from the message; keep the original cause for diagnostics.

Signed-off-by: Alejandro &lt;26930485+alejandroGM0@users.noreply.github.com&gt;

* fix: redact operator private key in TestConfigSource log output

`TestConfigSource` iterated all properties and logged them at INFO,
including `hiero.privateKey`. The dotenv passthrough above already
filters the key out as sensitive, so the log statement contradicted
that intent and exposed the value on every test run (including in CI
logs). Redact the value when the key is `hiero.privateKey`.

Signed-off-by: Alejandro &lt;26930485+alejandroGM0@users.noreply.github.com&gt;

---------

Signed-off-by: Alejandro &lt;26930485+alejandroGM0@users.noreply.github.com&gt;
diff --git a/hiero-enterprise-microprofile/src/test/java/org/hiero/microprofile/test/TestConfigSource.java b/hiero-enterprise-microprofile/src/test/java/org/hiero/microprofile/test/TestConfigSource.java
@@ -48,7 +48,9 @@ public TestConfigSource() {
         .filter(e -> !e.getKey().equals("hiero.network.name"))
         .forEach(e -> properties.put(e.getKey(), e.getValue()));
 
-    properties.forEach((k, v) -> log.info("CONFIG: '" + k + "'->'" + v + "'"));
+    properties.forEach(
+        (k, v) ->
+            log.info("CONFIG: '" + k + "'->'" + ("hiero.privateKey".equals(k) ? "***" : v) + "'"));
   }
 
   @Override
diff --git a/hiero-enterprise-spring/src/main/java/org/hiero/spring/implementation/HieroConfigImpl.java b/hiero-enterprise-spring/src/main/java/org/hiero/spring/implementation/HieroConfigImpl.java
@@ -91,8 +91,7 @@ private static PrivateKey parsePrivateKey(final String privateKey) {
     try {
       return PrivateKey.fromString(privateKey);
     } catch (Exception e) {
-      throw new IllegalArgumentException(
-          "Can not parse 'privateKey' property: '" + privateKey + "'", e);
+      throw new IllegalArgumentException("Can not parse 'privateKey' property", e);
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,9 @@ public TestConfigSource() {`
`48`	`48`	`.filter(e -> !e.getKey().equals("hiero.network.name"))`
`49`	`49`	`.forEach(e -> properties.put(e.getKey(), e.getValue()));`
`50`	`50`
`51`		`- properties.forEach((k, v) -> log.info("CONFIG: '" + k + "'->'" + v + "'"));`
	`51`	`+ properties.forEach(`
	`52`	`+ (k, v) ->`
	`53`	`+ log.info("CONFIG: '" + k + "'->'" + ("hiero.privateKey".equals(k) ? "***" : v) + "'"));`
`52`	`54`	`}`
`53`	`55`
`54`	`56`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -91,8 +91,7 @@ private static PrivateKey parsePrivateKey(final String privateKey) {`
`91`	`91`	`try {`
`92`	`92`	`return PrivateKey.fromString(privateKey);`
`93`	`93`	`} catch (Exception e) {`
`94`		`- throw new IllegalArgumentException(`
`95`		`- "Can not parse 'privateKey' property: '" + privateKey + "'", e);`
	`94`	`+ throw new IllegalArgumentException("Can not parse 'privateKey' property", e);`
`96`	`95`	`}`
`97`	`96`	`}`
`98`	`97`