feat: censor sensitive fields in API responses#58
Merged
jason-lynch merged 1 commit intomainfrom Jun 17, 2025
Merged
Conversation
jason-lynch
force-pushed
the
feat/PLAT-86/human-readable-ids
branch
from
87f64ba to
1293ea0
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/censor-sensitive-fields
branch
2 times, most recently
from
eac3065 to
b648c46
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/human-readable-ids
branch
from
1293ea0 to
8511659
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/censor-sensitive-fields
branch
from
b648c46 to
0f916d1
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/human-readable-ids
branch
from
8511659 to
ed23079
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/censor-sensitive-fields
branch
from
0f916d1 to
d73f271
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/human-readable-ids
branch
from
ed23079 to
8647b1a
Compare
jason-lynch
force-pushed
the
feat/PLAT-86/censor-sensitive-fields
branch
from
d73f271 to
04ace88
Compare
With this change, the following sensitive fields will be omitted from all API responses: - Database user passwords - Backup and restore repository credentials: - S3 keys/secrets - Azure keys - GCS keys We want to enable users to manage databases without storing the original create request. So, this commit also changes the update behavior so that these sensitive fields can be omitted from update requests. This makes it safe to store the database spec in version control. Users can modify the credentials, such as when rotating passwords, by including the updated values in an update request. PLAT-86
jason-lynch
force-pushed
the
feat/PLAT-86/censor-sensitive-fields
branch
from
04ace88 to
5d5c2b2
Compare
tsivaprasad
approved these changes
Jun 17, 2025
Contributor
tsivaprasad
left a comment
tsivaprasad
left a comment
There was a problem hiding this comment.
Verified:
no_sensitive_data.json
mmols
approved these changes
Jun 17, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With this change, the following sensitive fields will be omitted from all API responses:
We want to enable users to manage databases without storing the original create request. So, this commit also changes the update behavior so that these sensitive fields can be omitted from update requests. This makes it safe to store the database spec in version control.
Users can modify the credentials, such as when rotating passwords, by including the updated values in an update request.
PLAT-86