Skip to content

Commit 4827a72

Browse files
cveticmcveticm
committed
fix: config describe prints secure properties with value redacted
1 parent 5d22a8e commit 4827a72

File tree

1 file changed

+48
-1
lines changed

1 file changed

+48
-1
lines changed

internal/cli/config/describe.go

Lines changed: 48 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ import (
1818
"fmt"
1919

2020
"github.com/mongodb/atlas-cli-core/config"
21+
"github.com/mongodb/atlas-cli-core/config/secure"
2122
"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli"
2223
"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli/require"
2324
"github.com/spf13/cobra"
@@ -32,6 +33,47 @@ var descTemplate = `SETTING VALUE{{ range $key, $value := . }}
3233
{{$key}} {{$value}}{{end}}
3334
`
3435

36+
const redacted = "redacted"
37+
38+
// AddSecureProperties adds secure properties to the map with "redacted" value
39+
// if they are available in the config.
40+
func (opts *describeOpts) AddSecureProperties(m map[string]string) (map[string]string, error) {
41+
// Check if secure storage is available
42+
configStore, err := config.NewDefaultStore()
43+
if err != nil {
44+
return nil, err
45+
}
46+
if !configStore.IsSecure() {
47+
return m, nil
48+
}
49+
50+
// We are using a keyring client directly here to avoid printing env vars
51+
secureKeyring := secure.NewDefaultKeyringClient()
52+
// Service Account
53+
if v, err := secureKeyring.Get(opts.name, "client_id"); err == nil && v != "" {
54+
m["client_id"] = redacted
55+
}
56+
if v, err := secureKeyring.Get(opts.name, "client_secret"); err == nil && v != "" {
57+
m["client_secret"] = redacted
58+
}
59+
// API Keys
60+
if v, err := secureKeyring.Get(opts.name, "public_api_key"); err == nil && v != "" {
61+
m["public_api_key"] = redacted
62+
}
63+
if v, err := secureKeyring.Get(opts.name, "private_api_key"); err == nil && v != "" {
64+
m["private_api_key"] = redacted
65+
}
66+
// User Account
67+
if v, err := secureKeyring.Get(opts.name, "access_token"); err == nil && v != "" {
68+
m["access_token"] = redacted
69+
}
70+
if v, err := secureKeyring.Get(opts.name, "refresh_token"); err == nil && v != "" {
71+
m["refresh_token"] = redacted
72+
}
73+
74+
return m, nil
75+
}
76+
3577
func (opts *describeOpts) Run() error {
3678
if !config.Exists(opts.name) {
3779
return fmt.Errorf("you don't have a profile named '%s'", opts.name)
@@ -41,7 +83,12 @@ func (opts *describeOpts) Run() error {
4183
return err
4284
}
4385

44-
return opts.Print(config.Map())
86+
mapConfig, err := opts.AddSecureProperties(config.Map())
87+
if err != nil {
88+
return err
89+
}
90+
91+
return opts.Print(mapConfig)
4592
}
4693

4794
func DescribeBuilder() *cobra.Command {

0 commit comments

Comments
 (0)