Redact private key from startup output

christianbundy · christianbundy · commit 28ce126a784e · 2019-02-05T12:00:46.000-08:00
Previously we did this output *before* adding the keys to the config,
but recently there were changes made that required the keys to be added
to the config before the config was finished. This meant that the config
being output contained private keys, which seems like a major security
hazard for debugging.

This commit changes the code so that we make a copy of the full config,
set `redactedConfig.keys.private = null`, and then output the redacted
configuration safely without any secrets exposed.
diff --git a/index.js b/index.js
@@ -196,7 +196,9 @@ function setupContext (appName, opts, cb) {
     ssbConfig.remote = `unix:${socketPath}:~noauth:${pubkey}`
   }
 
-  console.log(ssbConfig)
+  const redactedConfig = Object.assign({}, ssbConfig);
+  redactedConfig.keys.private = null
+  console.log(redactedConfig)
 
   if (opts.server === false) {
     cb && cb()

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,9 @@ function setupContext (appName, opts, cb) {`
`196`	`196`	ssbConfig.remote = `unix:${socketPath}:~noauth:${pubkey}`
`197`	`197`	`}`
`198`	`198`
`199`		`- console.log(ssbConfig)`
	`199`	`+ const redactedConfig = Object.assign({}, ssbConfig);`
	`200`	`+ redactedConfig.keys.private = null`
	`201`	`+ console.log(redactedConfig)`
`200`	`202`
`201`	`203`	`if (opts.server === false) {`
`202`	`204`	`cb && cb()`