From b5102e7fa95b50f4580ed8e3208e6fbf67f913e7 Mon Sep 17 00:00:00 2001
From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com>
Date: Wed, 1 Oct 2025 16:46:31 +0200
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 95: Clear-text
 logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../garbage_collector/_tasks_api_keys.py                      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py b/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py
index a0a67a833f85..ed3ab827efe7 100644
--- a/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py
+++ b/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py
@@ -21,8 +21,8 @@
 async def _prune_expired_api_keys(app: web.Application):
     if deleted := await api_keys_service.prune_expired_api_keys(app):
         # broadcast force logout of user_id
-        for api_key in deleted:
-            _logger.info("API-key %s expired and was removed", f"{api_key=}")
+        for _ in deleted:
+            _logger.info("Expired API key was removed")
 
     else:
         _logger.info("No API keys expired")

From c3823794c97c4e1ba4ee76500da0c8141872ef02 Mon Sep 17 00:00:00 2001
From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com>
Date: Fri, 3 Oct 2025 11:32:56 +0200
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=90=9B=20Remove=20redundant=20logging?=
 =?UTF-8?q?=20for=20each=20expired=20API=20key=20removal=20(#8449)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../garbage_collector/_tasks_api_keys.py                     | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py b/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py
index ed3ab827efe7..0f55860dbf87 100644
--- a/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py
+++ b/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_api_keys.py
@@ -20,10 +20,7 @@
 
 async def _prune_expired_api_keys(app: web.Application):
     if deleted := await api_keys_service.prune_expired_api_keys(app):
-        # broadcast force logout of user_id
-        for _ in deleted:
-            _logger.info("Expired API key was removed")
-
+        _logger.info("%d expired API keys were removed", len(deleted))
     else:
         _logger.info("No API keys expired")