Skip to content

fix(helm): redact API key when echoing auth response in test-local.sh#106

Closed
rguichard wants to merge 1 commit into
feature/pla-1455-move-app-related-deployment-config-into-application-reposfrom
fix/test-local-redact-secret
Closed

fix(helm): redact API key when echoing auth response in test-local.sh#106
rguichard wants to merge 1 commit into
feature/pla-1455-move-app-related-deployment-config-into-application-reposfrom
fix/test-local-redact-secret

Conversation

@rguichard

Copy link
Copy Markdown
Collaborator

Addresses an Aikido finding on PR #90 (helm/charts/erpc/test-local.sh:195).

The auth test issues a request whose URL contains LABELS_SERVICE_API_KEY and, on unexpected failure, echoed the raw response. While the JSON-RPC body itself doesn't carry the secret, an error response can reflect the request URL (and thus the key). The key is now masked in the printed output as defense-in-depth.

🤖 Generated with Claude Code

The auth test issues a request whose URL contains LABELS_SERVICE_API_KEY
and, on unexpected failure, echoed the raw response. While the JSON-RPC
body itself doesn't carry the secret, an error response can reflect the
request URL (and thus the key). Mask the key in the printed output as
defense-in-depth.

Addresses Aikido finding on helm/charts/erpc/test-local.sh:195.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@rguichard rguichard closed this Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant