open-vault/command/agent/cache
Christopher Swenson 0af0543bbe
VAULT-5935 agent: redact renew-self if using auto auth (#15380)
Vault agent redacts the token and accessor for `/auth/token/lookup-self` (and `lookup`)
if the token is the auto auth token to prevent it from leaking.

Similarly, we need to redact the token and accessor from `renew-self`
and `renew`, which also leak the token and accessor.

I tested this locally by starting up a Vault agent and querying the
agent endpoints, and ensuring that the accessor and token were set to
the empty string in the response.
2022-05-12 09:25:55 -07:00
..
cacheboltdb
cachememdb
keymanager
api_proxy.go
api_proxy_test.go
cache_test.go VAULT-5935 agent: redact renew-self if using auto auth (#15380) 2022-05-12 09:25:55 -07:00
handler.go VAULT-5935 agent: redact renew-self if using auto auth (#15380) 2022-05-12 09:25:55 -07:00
lease_cache.go VAULT-5935 agent: redact renew-self if using auto auth (#15380) 2022-05-12 09:25:55 -07:00
lease_cache_test.go
listener.go
proxy.go
testing.go