[PR #2792] [MERGED] Mask sensitive authentication information to log #2792

New issue

Closed

opened 2026-03-04 02:07:19 +03:00 by kerem · 0 comments

kerem commented

2026-03-04 02:07:19 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/s3fs-fuse/s3fs-fuse/pull/2792
Author: @ggtakec
Created: 1/24/2026
Status: ✅ Merged
Merged: 2/4/2026
Merged by: @gaul

Base: master ← Head: improve/securelog

📝 Commits (1)

b92d16a Mask sensitive authentication information to log

📊 Changes

14 files changed (+231 additions, -16 deletions)

View changed files

📝 doc/man/s3fs.1.in (+5 -0)
📝 src/common.h (+1 -0)
📝 src/curl.cpp (+12 -7)
📝 src/s3fs.cpp (+10 -2)
📝 src/s3fs_cred.cpp (+4 -4)
📝 src/s3fs_global.cpp (+1 -0)
📝 src/s3fs_help.cpp (+7 -0)
📝 src/s3fs_threadreqs.cpp (+2 -2)
📝 src/s3fs_util.cpp (+18 -1)
📝 src/s3fs_util.h (+2 -0)
📝 src/string_util.cpp (+82 -0)
📝 src/string_util.h (+7 -0)
📝 src/test_string_util.cpp (+79 -0)
📝 test/integration-test-common.sh (+1 -0)

📄 Description

Relevant Issue (if applicable)

#2787

Details

As pointed out in #2787, this PR prevents authentication information (token and credential) from being output in plain text to logs.
Output related to authentication information has been changed so that it is output to the log by replacing it with [SENSITIVE].

And the insecure_logging option has been added as a way to output this information as before for developer debugging purposes.
This option is provided as deprecated. (It should be avoided in production environments, but we understand that it may be used in development environments.)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/s3fs-fuse/s3fs-fuse/pull/2792 **Author:** [@ggtakec](https://github.com/ggtakec) **Created:** 1/24/2026 **Status:** ✅ Merged **Merged:** 2/4/2026 **Merged by:** [@gaul](https://github.com/gaul) **Base:** `master` ← **Head:** `improve/securelog` --- ### 📝 Commits (1) - [`b92d16a`](https://github.com/s3fs-fuse/s3fs-fuse/commit/b92d16ad47f3f324dbb80c22d482b0ac2d7dffa7) Mask sensitive authentication information to log ### 📊 Changes **14 files changed** (+231 additions, -16 deletions) <details> <summary>View changed files</summary> 📝 `doc/man/s3fs.1.in` (+5 -0) 📝 `src/common.h` (+1 -0) 📝 `src/curl.cpp` (+12 -7) 📝 `src/s3fs.cpp` (+10 -2) 📝 `src/s3fs_cred.cpp` (+4 -4) 📝 `src/s3fs_global.cpp` (+1 -0) 📝 `src/s3fs_help.cpp` (+7 -0) 📝 `src/s3fs_threadreqs.cpp` (+2 -2) 📝 `src/s3fs_util.cpp` (+18 -1) 📝 `src/s3fs_util.h` (+2 -0) 📝 `src/string_util.cpp` (+82 -0) 📝 `src/string_util.h` (+7 -0) 📝 `src/test_string_util.cpp` (+79 -0) 📝 `test/integration-test-common.sh` (+1 -0) </details> ### 📄 Description ### Relevant Issue (if applicable) #2787 ### Details As pointed out in #2787, this PR prevents authentication information (token and credential) from being output in plain text to logs. Output related to authentication information has been changed so that it is output to the log by replacing it with `[SENSITIVE]`. And the `insecure_logging` option has been added as a way to output this information as before for developer debugging purposes. This option is provided as deprecated. (It should be avoided in production environments, but we understand that it may be used in development environments.) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>