Mask Service Principal credential in agent logs (#4891)

localconst · web-flow · commit ce96634ddb6d · 2024-07-11T08:50:08.000Z
* Add SP creds to masker dictionary

* Fix remove command
diff --git a/src/Agent.Listener/CommandSettings.cs b/src/Agent.Listener/CommandSettings.cs
@@ -72,12 +72,18 @@ public CommandSettings(IHostContext context, string[] args, IScopedEnvironment e
                 context.SecretMasker.AddValue(Configure.SslClientCert, WellKnownSecretAliases.ConfigureSslClientCert);
                 context.SecretMasker.AddValue(Configure.Token, WellKnownSecretAliases.ConfigureToken);
                 context.SecretMasker.AddValue(Configure.WindowsLogonPassword, WellKnownSecretAliases.ConfigureWindowsLogonPassword);
+                context.SecretMasker.AddValue(Configure.TenantId, WellKnownSecretAliases.ConfigureTenantId);
+                context.SecretMasker.AddValue(Configure.ClientId, WellKnownSecretAliases.ConfigureClientId);
+                context.SecretMasker.AddValue(Configure.ClientSecret, WellKnownSecretAliases.ConfigureClientSecret);
             }
 
             if (Remove != null)
             {
                 context.SecretMasker.AddValue(Remove.Password, WellKnownSecretAliases.RemovePassword);
                 context.SecretMasker.AddValue(Remove.Token, WellKnownSecretAliases.RemoveToken);
+                context.SecretMasker.AddValue(Remove.TenantId, WellKnownSecretAliases.RemoveTenantId);
+                context.SecretMasker.AddValue(Remove.ClientId, WellKnownSecretAliases.RemoveClientId);
+                context.SecretMasker.AddValue(Remove.ClientSecret, WellKnownSecretAliases.RemoveClientSecret);
             }
 
             PrintArguments();
diff --git a/src/Agent.Sdk/Util/WellKnownSecretAliases.cs b/src/Agent.Sdk/Util/WellKnownSecretAliases.cs
@@ -11,8 +11,14 @@ public static class WellKnownSecretAliases
         public static readonly string ConfigureSslClientCert = "Configure.SslClientCert";
         public static readonly string ConfigureToken = "Configure.Token";
         public static readonly string ConfigureWindowsLogonPassword = "Configure.WindowsLogonPassword";
+        public static readonly string ConfigureClientId = "Configure.ClientId";
+        public static readonly string ConfigureClientSecret = "Configure.ClientSecret";
+        public static readonly string ConfigureTenantId = "Configure.TenantId";
         public static readonly string RemovePassword = "Remove.Password";
         public static readonly string RemoveToken = "Remove.Token";
+        public static readonly string RemoveClientId = "Remove.ClientId";
+        public static readonly string RemoveClientSecret = "Remove.ClientSecret";
+        public static readonly string RemoveTenantId = "Remove.TenantId";
 
         // Other known origins for secrets
         public static readonly string GitSourceProviderAuthHeader = "GitSourceProvider.AuthHeader";

Original file line number	Diff line number	Diff line change
`@@ -72,12 +72,18 @@ public CommandSettings(IHostContext context, string[] args, IScopedEnvironment e`
`72`	`72`	`context.SecretMasker.AddValue(Configure.SslClientCert, WellKnownSecretAliases.ConfigureSslClientCert);`
`73`	`73`	`context.SecretMasker.AddValue(Configure.Token, WellKnownSecretAliases.ConfigureToken);`
`74`	`74`	`context.SecretMasker.AddValue(Configure.WindowsLogonPassword, WellKnownSecretAliases.ConfigureWindowsLogonPassword);`
	`75`	`+ context.SecretMasker.AddValue(Configure.TenantId, WellKnownSecretAliases.ConfigureTenantId);`
	`76`	`+ context.SecretMasker.AddValue(Configure.ClientId, WellKnownSecretAliases.ConfigureClientId);`
	`77`	`+ context.SecretMasker.AddValue(Configure.ClientSecret, WellKnownSecretAliases.ConfigureClientSecret);`
`75`	`78`	`}`
`76`	`79`
`77`	`80`	`if (Remove != null)`
`78`	`81`	`{`
`79`	`82`	`context.SecretMasker.AddValue(Remove.Password, WellKnownSecretAliases.RemovePassword);`
`80`	`83`	`context.SecretMasker.AddValue(Remove.Token, WellKnownSecretAliases.RemoveToken);`
	`84`	`+ context.SecretMasker.AddValue(Remove.TenantId, WellKnownSecretAliases.RemoveTenantId);`
	`85`	`+ context.SecretMasker.AddValue(Remove.ClientId, WellKnownSecretAliases.RemoveClientId);`
	`86`	`+ context.SecretMasker.AddValue(Remove.ClientSecret, WellKnownSecretAliases.RemoveClientSecret);`
`81`	`87`	`}`
`82`	`88`
`83`	`89`	`PrintArguments();`