Skip to content

Commit 2f96c95

Browse files
authored
Merge pull request #578 from Dstack-TEE/fix/redact-dns-credential-token
fix(gateway): redact cf_api_token in ListDnsCredentials response
2 parents e628bc3 + e7e5eef commit 2f96c95

File tree

1 file changed

+10
-1
lines changed

1 file changed

+10
-1
lines changed

gateway/src/admin_service.rs

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -693,7 +693,7 @@ fn dns_cred_to_proto(cred: DnsCredential) -> DnsCredentialInfo {
693693
let (provider_type, cf_api_token, cf_api_url) = match &cred.provider {
694694
DnsProvider::Cloudflare { api_token, api_url } => (
695695
"cloudflare".to_string(),
696-
api_token.clone(),
696+
redact_token(api_token),
697697
api_url.clone().unwrap_or_default(),
698698
),
699699
};
@@ -710,6 +710,15 @@ fn dns_cred_to_proto(cred: DnsCredential) -> DnsCredentialInfo {
710710
}
711711
}
712712

713+
fn redact_token(token: &str) -> String {
714+
let len = token.len();
715+
if len <= 8 {
716+
"*".repeat(len)
717+
} else {
718+
format!("{}...{}", &token[..4], &token[len - 4..])
719+
}
720+
}
721+
713722
/// Convert proto ZtDomainConfig to internal ZtDomainConfig
714723
fn proto_to_zt_domain_config(
715724
proto: &ProtoZtDomainConfig,

0 commit comments

Comments
 (0)