fix: Do not print password when running in verbose mode (#49)

Sanitize the `sasl.jaas.config` configuration setting before printing it and replace the configured password with a placeholder. Fixes devshawn#96
joschi · Oct 19, 2022 · 8fd14ee · 8fd14ee
1 parent a3a0549
commit 8fd14ee
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/src/main/java/com/devshawn/kafka/gitops/config/KafkaGitopsConfigLoader.java b/src/main/java/com/devshawn/kafka/gitops/config/KafkaGitopsConfigLoader.java
@@ -62,12 +62,23 @@ private static void setConfigFromEnvironment(KafkaGitopsConfig.Builder builder)
 
         handleAuthentication(username, password, config);
 
-        log.info("Kafka Config: {}", config);
+        log.info("Kafka Config: {}", sanitizeConfiguration(config));
 
         builder.putAllConfig(config);
         handleDefaultConfig(builder);
     }
 
+    private static Map<String, Object> sanitizeConfiguration(Map<String, Object> config) {
+        Map<String, Object> sanitizedConfig = new HashMap<>(config);
+
+        String saslConfig = (String) config.get(SaslConfigs.SASL_JAAS_CONFIG);
+        if (saslConfig != null) {
+            sanitizedConfig.replace(SaslConfigs.SASL_JAAS_CONFIG, saslConfig.replaceFirst("password=\".*\";", "password=[redacted];"));
+        }
+
+        return sanitizedConfig;
+    }
+
     private static void handleDefaultConfig(KafkaGitopsConfig.Builder builder) {
         if (!builder.getConfig().containsKey(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG)) {
             builder.putConfig(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG, "localhost:9092");