Implemented unified secrets sanitization and env. redaction options (#15348)

2026-04-24 22:55:13 +00:00 · 2025-12-22 19:18:27 -08:00
parent 2ac9fe08f7
commit 3b1dbcd42d
18 changed files with 817 additions and 103 deletions
--- a/schemas/settings.schema.json
+++ b/schemas/settings.schema.json
@@ -1231,6 +1231,43 @@
          },
          "additionalProperties": false
        },
+        "environmentVariableRedaction": {
+          "title": "Environment Variable Redaction",
+          "description": "Settings for environment variable redaction.",
+          "markdownDescription": "Settings for environment variable redaction.\n\n- Category: `Security`\n- Requires restart: `no`\n- Default: `{}`",
+          "default": {},
+          "type": "object",
+          "properties": {
+            "allowed": {
+              "title": "Allowed Environment Variables",
+              "description": "Environment variables to always allow (bypass redaction).",
+              "markdownDescription": "Environment variables to always allow (bypass redaction).\n\n- Category: `Security`\n- Requires restart: `yes`\n- Default: `[]`",
+              "default": [],
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "blocked": {
+              "title": "Blocked Environment Variables",
+              "description": "Environment variables to always redact.",
+              "markdownDescription": "Environment variables to always redact.\n\n- Category: `Security`\n- Requires restart: `yes`\n- Default: `[]`",
+              "default": [],
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "enabled": {
+              "title": "Enable Environment Variable Redaction",
+              "description": "Enable redaction of environment variables that may contain secrets.",
+              "markdownDescription": "Enable redaction of environment variables that may contain secrets.\n\n- Category: `Security`\n- Requires restart: `yes`\n- Default: `false`",
+              "default": false,
+              "type": "boolean"
+            }
+          },
+          "additionalProperties": false
+        },
        "auth": {
          "title": "Authentication",
          "description": "Authentication settings.",