phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-06 18:40:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): redact JWT tokens in server logs (#4325)

Browse source 
Add "token" to sensitive field patterns in redact_sensitive_fields() to
prevent JWT tokens from being logged in plaintext. Previously only
api_key, api_token, password, and secret were filtered.

This prevents tokens like server.auth.provider_config.jwks.token from
being exposed in server logs.

Closes: #4324

Signed-off-by: Derek Higgins <derekh@redhat.com>
This commit is contained in:
Derek Higgins 2025-12-05 20:53:47 +00:00 committed by GitHub
parent fc4fc03606
commit 8998000aec
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/llama_stack/core/utils/config.py
View file

@ -9,7 +9,7 @@ from typing import Any
def redact_sensitive_fields(data: dict[str, Any]) -> dict[str, Any]: def redact_sensitive_fields(data: dict[str, Any]) -> dict[str, Any]:
"""Redact sensitive information from config before printing.""" """Redact sensitive information from config before printing."""
sensitive_patterns = ["api_key", "api_token", "password", "secret"] sensitive_patterns = ["api_key", "api_token", "password", "secret", "token"]
def _redact_value(v: Any) -> Any: def _redact_value(v: Any) -> Any:
if isinstance(v, dict): if isinstance(v, dict):