fix: obfuscate additional server secrets values (#9014)

### What problem does this PR solve? Obfuscates additional secrets values on ragflow_server startup to prevent leakage: * `secret` (azure) * `client_secret` (oauth) * `http_secret_key` (authentication) * `sas_token` (azure) ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) Co-authored-by: Gifford R Nowland <gifford.r.nowland@aero.org>
2025-12-08 20:42:30 +08:00 · 2025-07-23 19:16:23 -07:00
parent dc95bd6a7c
commit 34c35cf8ae
1 changed files with 16 additions and 0 deletions
--- a/api/utils/init.py
+++ b/api/utils/init.py
@ -76,6 +76,22 @@ def show_configs():
            if "secret_key" in v:
                v = copy.deepcopy(v)
                v["secret_key"] = "*" * 8
+            if "secret" in v:
+                v = copy.deepcopy(v)
+                v["secret"] = "*" * 8
+            if "sas_token" in v:
+                v = copy.deepcopy(v)
+                v["sas_token"] = "*" * 8
+            if "oauth" in k:
+                v =  copy.deepcopy(v)
+                for key, val in v.items():
+                  if "client_secret" in val:
+                      val["client_secret"] = "*" * 8
+            if "authentication" in k:
+                v =  copy.deepcopy(v)
+                for key, val in v.items():
+                  if "http_secret_key" in val:
+                      val["http_secret_key"] = "*" * 8
        msg += f"\n\t{k}: {v}"
    logging.info(msg)