Skip to content

PMM-14962 Avoid printing sensitive info into log stream #5205

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
maxkondr wants to merge 11 commits into
base: v3
Choose a base branch
from
Open

PMM-14962 Avoid printing sensitive info into log stream #5205

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
b1c9847
PMM-14962 Avoid printing sensitive info into log stream
maxkondr Apr 2, 2026
d2c238a
Merge branch 'v3' into PMM-14962-redact-credentials
maxkondr Apr 2, 2026
7db0cf4
fix linter
maxkondr Apr 2, 2026
f4435f4
Merge branch 'v3' into PMM-14962-redact-credentials
maxkondr Apr 8, 2026
cb628d8
Merge branch 'v3' into PMM-14962-redact-credentials
maxkondr Apr 8, 2026
6b60d0d
Fix
maxkondr Apr 8, 2026
a073405
extend bench tests
maxkondr Apr 9, 2026
9dad607
Merge branch 'v3' into PMM-14962-redact-credentials
maxkondr Apr 9, 2026
82d2771
Fix lint
maxkondr Apr 10, 2026
6d2a099
Merge branch 'v3' into PMM-14962-redact-credentials
maxkondr Apr 16, 2026
1f08627
fix
maxkondr Apr 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion agent/agents/process/process.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,9 @@ import (

"github.com/percona/pmm/agent/utils/backoff"
"github.com/percona/pmm/agent/utils/templates"
extensionsv1 "github.com/percona/pmm/api/extensions/v1"
inventoryv1 "github.com/percona/pmm/api/inventory/v1"
"github.com/percona/pmm/utils/logger"
"github.com/percona/pmm/utils/pdeathsig"
)

Expand Down Expand Up @@ -82,7 +84,11 @@ type Params struct {
func (p *Params) String() string {
res := p.Path + " " + strings.Join(p.Args, " ")
if len(p.Env) != 0 {
res += " (environment: " + strings.Join(p.Env, ", ") + ")"
printEnv := make([]string, len(p.Env))
for i, item := range p.Env {
printEnv[i] = logger.RedactString(item, extensionsv1.RedactType_REDACT_TYPE_DSN)
}
res += " (environment: " + strings.Join(printEnv, ", ") + ")"
}

return res
Expand Down
9 changes: 5 additions & 4 deletions agent/client/channel/channel.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ import (
"google.golang.org/protobuf/proto"

agentv1 "github.com/percona/pmm/api/agent/v1"
"github.com/percona/pmm/utils/logger"
)

const (
Expand Down Expand Up @@ -192,9 +193,9 @@ func (c *Channel) send(msg *agentv1.AgentMessage) {
if c.l.Logger.IsLevelEnabled(logrus.DebugLevel) {
// do not use default compact representation for large/complex messages
if size := proto.Size(msg); size < 100 {
c.l.Debugf("Sending message (%d bytes): %s.", size, msg)
c.l.Debugf("Sending message (%d bytes): %s.", size, logger.RedactMessage(msg))
} else {
c.l.Debugf("Sending message (%d bytes):\n%s\n", size, prototext.Format(msg))
c.l.Debugf("Sending message (%d bytes):\n%s\n", size, prototext.Format(logger.RedactMessage(msg)))
}
}

Expand Down Expand Up @@ -227,9 +228,9 @@ func (c *Channel) runReceiver() {
if c.l.Logger.IsLevelEnabled(logrus.DebugLevel) {
// do not use default compact representation for large/complex messages
if size := proto.Size(msg); size < 100 {
c.l.Debugf("Received message (%d bytes): %s.", size, msg)
c.l.Debugf("Received message (%d bytes): %s.", size, logger.RedactMessage(msg))
} else {
c.l.Debugf("Received message (%d bytes):\n%s\n", size, prototext.Format(msg))
c.l.Debugf("Received message (%d bytes):\n%s\n", size, prototext.Format(logger.RedactMessage(msg)))
}
}

Expand Down
183 changes: 92 additions & 91 deletions api/agent/v1/agent.pb.go
View file
Open in desktop

Large diffs are not rendered by default.

67 changes: 34 additions & 33 deletions api/agent/v1/agent.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ package agent.v1;

import "agent/v1/collector.proto";
import "backup/v1/common.proto";
import "extensions/v1/redact.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";
Expand Down Expand Up @@ -57,7 +58,7 @@ message SetStateRequest {
string template_left_delim = 2;
string template_right_delim = 3;
repeated string args = 4;
repeated string env = 5;
repeated string env = 5 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
map<string, string> text_files = 6;
repeated string redact_words = 7;
// Environment variable names to be resolved from pmm-agent's environment.
Expand All @@ -67,7 +68,7 @@ message SetStateRequest {
// BuiltinAgent describes desired configuration of a single built-in agent for pmm-agent.
message BuiltinAgent {
inventory.v1.AgentType type = 1;
string dsn = 2;
string dsn = 2 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Limit query length in QAN (default: server-defined; -1: no limit).
int32 max_query_length = 3;
// Disable parsing comments from queries and showing them in QAN.
Expand All @@ -83,7 +84,7 @@ message SetStateRequest {
// TLS certificate wont be verified.
bool tls_skip_verify = 9;
// Environment variables to be passed to the built-in agent.
map<string, string> env = 10;
map<string, string> env = 10 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Real-Time Analytics options.
inventory.v1.RTAOptions rta_options = 11;
// Service identifier of the service where the agent connects to.
Expand Down Expand Up @@ -162,7 +163,7 @@ message StartActionRequest {
// MySQLExplainParams describes MySQL EXPLAIN action parameters.
message MySQLExplainParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string query = 2;
repeated string values = 3;
string schema = 4;
Expand All @@ -175,7 +176,7 @@ message StartActionRequest {
// MySQLShowCreateTableParams describes MySQL SHOW CREATE TABLE action parameters.
message MySQLShowCreateTableParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string table = 2;
// Contains files and their contents which can be used in DSN.
TextFiles tls_files = 3;
Expand All @@ -185,17 +186,17 @@ message StartActionRequest {
// MySQLShowTableStatusParams describes MySQL SHOW TABLE STATUS action parameters.
message MySQLShowTableStatusParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string table = 2;
// Contains files and their contents which can be used in DSN.
// Contains files and their contents which can be used in REDACT_TYPE_DSN.
TextFiles tls_files = 3;
// TLS certificate wont be verified.
bool tls_skip_verify = 4;
}
// MySQLShowIndexParams describes MySQL SHOW INDEX action parameters.
message MySQLShowIndexParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string table = 2;
// Contains files and their contents which can be used in DSN.
TextFiles tls_files = 3;
Expand All @@ -205,7 +206,7 @@ message StartActionRequest {
// PostgreSQLShowCreateTableParams describes PostgreSQL SHOW CREATE TABLE action parameters.
message PostgreSQLShowCreateTableParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string table = 2;
// Contains files and their contents which can be used in DSN.
TextFiles tls_files = 3;
Expand All @@ -215,7 +216,7 @@ message StartActionRequest {
// PostgreSQLShowIndexParams describes PostgreSQL SHOW INDEX action parameters.
message PostgreSQLShowIndexParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string table = 2;
// Contains files and their contents which can be used in DSN.
TextFiles tls_files = 3;
Expand All @@ -226,7 +227,7 @@ message StartActionRequest {
message MongoDBExplainParams {
// DSN for the service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
string query = 2;
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 3;
Expand All @@ -239,27 +240,27 @@ message StartActionRequest {
string host = 1;
uint32 port = 2;
string username = 3;
string password = 4;
string password = 4 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
}
// PTMongoDBSummaryParams describes parameters for PT MongoDB summary.
message PTMongoDBSummaryParams {
string host = 1;
uint32 port = 2;
string username = 3;
string password = 4;
string password = 4 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
}
// PTMySQLSummaryParams describes parameters for PT MySQL summary.
message PTMySQLSummaryParams {
string host = 1;
uint32 port = 2;
string socket = 3;
string username = 4;
string password = 5;
string password = 5 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
}
// MySQLQueryShowParams describes MySQL SHOW query action parameters.
message MySQLQueryShowParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Query suffix (without leading SHOW).
string query = 2;
// Contains files and their contents which can be used in DSN.
Expand All @@ -270,18 +271,18 @@ message StartActionRequest {
// MySQLQuerySelectParams describes MySQL SELECT query action parameters.
message MySQLQuerySelectParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Query suffix (without leading SELECT).
string query = 2;
// Contains files and their contents which can be used in DSN.
// Contains files and their contents which can be used in REDACT_TYPE_DSN.
TextFiles tls_files = 3;
// TLS certificate wont be verified.
bool tls_skip_verify = 4;
}
// PostgreSQLQueryShowParams describes PostgreSQL SHOW query action parameters.
message PostgreSQLQueryShowParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles tls_files = 2;
// TLS certificate wont be verified.
Expand All @@ -290,7 +291,7 @@ message StartActionRequest {
// PostgreSQLQuerySelectParams describes PostgreSQL SELECT query action parameters.
message PostgreSQLQuerySelectParams {
// DSN for the service. May contain connection (dial) timeout.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Query suffix (without leading SELECT).
string query = 2;
// Contains files and their contents which can be used in DSN.
Expand All @@ -302,39 +303,39 @@ message StartActionRequest {
message MongoDBQueryGetParameterParams {
// DSN for the service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
}
// MongoDBQueryBuildInfoParams describes MongoDB buildInfo query action parameters.
message MongoDBQueryBuildInfoParams {
// DSN for the service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
}
// MongoDBQueryGetCmdLineOptsParams describes MongoDB getCmdLineOpts query action parameters.
message MongoDBQueryGetCmdLineOptsParams {
// DSN for the service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
}
// MongoDBQueryReplSetGetStatusParams describes MongoDB replSetGetStatus query action parameters.
message MongoDBQueryReplSetGetStatusParams {
// DSN for the service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
}
// MongoDBQueryGetDiagnosticDataParams describes MongoDB getDiagnosticData query action parameters.
message MongoDBQueryGetDiagnosticDataParams {
// DSN for the service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
}
Expand Down Expand Up @@ -408,7 +409,7 @@ message ActionResultResponse {}
message PBMSwitchPITRRequest {
// DSN for the MongoDB service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
// Specifies if PITR should be enabled or disabled.
Expand Down Expand Up @@ -438,7 +439,7 @@ message CheckConnectionRequest {
// Service type.
inventory.v1.ServiceType type = 1;
// DSN for the service. May contain connection (dial) timeout.
string dsn = 2;
string dsn = 2 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Timeout for the whole request.
google.protobuf.Duration timeout = 3;
// Contains files and their contents which can be used in DSN.
Expand All @@ -465,7 +466,7 @@ message ServiceInfoRequest {
// Service type.
inventory.v1.ServiceType type = 1;
// DSN for the service. May contain connection (dial) timeout.
string dsn = 2;
string dsn = 2 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Timeout for the whole request.
google.protobuf.Duration timeout = 3;
// Contains files and their contents which can be used in DSN.
Expand Down Expand Up @@ -503,8 +504,8 @@ message JobStatusResponse {
// S3LocationConfig represents S3 bucket configuration.
message S3LocationConfig {
string endpoint = 1;
string access_key = 2;
string secret_key = 3;
string access_key = 2 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
string secret_key = 3 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
string bucket_name = 4;
string bucket_region = 5;
}
Expand All @@ -523,9 +524,9 @@ message StartJobRequest {
reserved "filesystem_config";

// Database user;
string user = 1;
string user = 1 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
// Database password.
string password = 2;
string password = 2 [(extensions.v1.sensitive) = REDACT_TYPE_FULL];
// Database address. Can't be specified with socket.
string address = 3;
// Database port. Can't be specified with socket.
Expand Down Expand Up @@ -562,7 +563,7 @@ message StartJobRequest {
message MongoDBBackup {
// DSN for the MongoDB service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
// Backup name.
Expand All @@ -583,7 +584,7 @@ message StartJobRequest {
message MongoDBRestoreBackup {
// DSN for the MongoDB service. May contain connection (dial) timeout.
// May contain placeholders for file paths in DSN.
string dsn = 1;
string dsn = 1 [(extensions.v1.sensitive) = REDACT_TYPE_DSN];
// Contains files and their contents which can be used in DSN.
TextFiles text_files = 2;
// Backup name.
Expand Down
12 changes: 7 additions & 5 deletions api/backup/v1/locations.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 9 additions & 2 deletions api/backup/v1/locations.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ syntax = "proto3";

package backup.v1;

import "extensions/v1/redact.proto";
import "google/api/annotations.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
Expand All @@ -14,8 +15,14 @@ message FilesystemLocationConfig {
// S3LocationConfig represents S3 bucket configuration.
message S3LocationConfig {
string endpoint = 1 [(validate.rules).string.min_len = 1];
string access_key = 2 [(validate.rules).string.min_len = 1];
string secret_key = 3 [(validate.rules).string.min_len = 1];
string access_key = 2 [
(validate.rules).string.min_len = 1,
(extensions.v1.sensitive) = REDACT_TYPE_FULL
];
string secret_key = 3 [
(validate.rules).string.min_len = 1,
(extensions.v1.sensitive) = REDACT_TYPE_FULL
];
string bucket_name = 4 [(validate.rules).string.min_len = 1];
}

Expand Down
Loading
Loading