Redact sensitive env vars instead of hiding them

2024-12-09 17:07:40 -08:00 · 2024-12-09 17:07:40 -08:00 · ed0ae46c37
commit ed0ae46c37
parent e04dff8154
1 changed files with 9 additions and 7 deletions
--- a/reflex/config.py
+++ b/reflex/config.py
@ -572,7 +572,7 @@ environment = EnvironmentVariables()


 # These vars are not logged because they may contain sensitive information.
-_sensitive_env_vars = {"DB_URL", "ASYNC_DB_URL"}
+_sensitive_env_vars = {"DB_URL", "ASYNC_DB_URL", "REDIS_URL"}


 class Config(Base):
@ -758,18 +758,20 @@ class Config(Base):

            # If the env var is set, override the config value.
            if env_var is not None:
-                if key.upper() not in _sensitive_env_vars:
-                    console.info(
-                        f"Overriding config value {key} with env var {key.upper()}={env_var}",
-                        dedupe=True,
-                    )
-
                # Interpret the value.
                value = interpret_env_var_value(env_var, field.outer_type_, field.name)

                # Set the value.
                updated_values[key] = value

+                if key.upper() in _sensitive_env_vars:
+                    env_var = "***"
+
+                console.info(
+                    f"Overriding config value {key} with env var {key.upper()}={env_var}",
+                    dedupe=True,
+                )
+
        return updated_values

    def get_event_namespace(self) -> str: