From 41e642eab3a90a4e70e3c465e084f93a9625059d Mon Sep 17 00:00:00 2001 From: Robert Adam Date: Mon, 22 Aug 2022 12:57:43 +0200 Subject: [PATCH] Don't log value of sensitive configs Fixes #15 --- entrypoint.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 8ed1b9a..92c4d6a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -6,6 +6,15 @@ readonly BARE_BONES_CONFIG_FILE="/etc/mumble/bare_config.ini" readonly CONFIG_REGEX="^(\;|\#)?\ *([a-zA-Z_0-9]+)=.*" CONFIG_FILE="${DATA_DIR}/mumble_server_config.ini" +readonly SENSITIVE_CONFIGS=( + "dbPassword" + "icesecretread" + "icesecretwrite" + "serverpassword" + "registerpassword" + "sslPassPhrase" +) + # Compile list of configuration options from the bare-bones config readarray -t existing_config_options < <(sed -En "s/$CONFIG_REGEX/\2/p" "$BARE_BONES_CONFIG_FILE") @@ -42,7 +51,11 @@ set_config() { [[ "$apply_value" != true ]] && return 0 - echo "Setting config \"$config_name\" to: '$config_value'" + if array_contains "SENSITIVE_CONFIGS" "$config_name"; then + echo "Setting config \"$config_name\" to: *********" + else + echo "Setting config \"$config_name\" to: '$config_value'" + fi used_configs+=("$config_name") # Append config to our on-the-fly-built config file