Skip to content

Redact tokens from --debug log #17625

New issue
New issue
Closed
#17671
Closed
Redact tokens from --debug log#17625
#17671
Assignees
jiasli
Labels
CoreCLI core infrastructurefeature-request
Milestone
S187
@jiasli

Description

@jiasli
jiasli
opened on Apr 9, 2021

Context

  1. Starting from azure-core 1.13.0, Authorization header is now exposed in DEBUG log (Make NetworkTraceLoggingPolicy show the auth token in plain text azure-sdk-for-python#17424).
  2. Python SDK decided not to redact x-ms-authorization-auxiliary header (x-ms-authorization-auxiliary header should be redacted azure-sdk-for-python#17271).

Before bumping azure-core to 1.13.0, Azure CLI must adapt to azure-core's new behavior.

Proposed solutions

For tokens in Authorization and x-ms-authorization-auxiliary:

  1. Keep the current behavior and redact tokens.
  2. Expose tokens in --debug mode like the new NetworkTraceLoggingPolicy.
    1. Unconditionally do so, but redact tokens in --verbose.
    2. Make a config like az config set logging.show_tokens=True.

Metadata

Metadata

Assignees

Labels

CoreCLI core infrastructurefeature-request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions