From 41e642eab3a90a4e70e3c465e084f93a9625059d Mon Sep 17 00:00:00 2001
From: Robert Adam <dev@robert-adam.de>
Date: Mon, 22 Aug 2022 12:57:43 +0200
Subject: [PATCH] Don't log value of sensitive configs

Fixes #15
---
 entrypoint.sh | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 8ed1b9a..92c4d6a 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -6,6 +6,15 @@ readonly BARE_BONES_CONFIG_FILE="/etc/mumble/bare_config.ini"
 readonly CONFIG_REGEX="^(\;|\#)?\ *([a-zA-Z_0-9]+)=.*"
 CONFIG_FILE="${DATA_DIR}/mumble_server_config.ini"
 
+readonly SENSITIVE_CONFIGS=(
+	"dbPassword"
+	"icesecretread"
+	"icesecretwrite"
+	"serverpassword"
+	"registerpassword"
+	"sslPassPhrase"
+)
+
 # Compile list of configuration options from the bare-bones config
 readarray -t existing_config_options < <(sed -En "s/$CONFIG_REGEX/\2/p" "$BARE_BONES_CONFIG_FILE")
 
@@ -42,7 +51,11 @@ set_config() {
 
 	[[ "$apply_value" != true ]] && return 0
 
-	echo "Setting config \"$config_name\" to: '$config_value'"
+	if array_contains "SENSITIVE_CONFIGS" "$config_name"; then
+		echo "Setting config \"$config_name\" to: *********"
+	else
+		echo "Setting config \"$config_name\" to: '$config_value'"
+	fi
 	used_configs+=("$config_name")
 
 	# Append config to our on-the-fly-built config file