From 0e121b3c2947e46827ab2f2c5e27ae7183d27397 Mon Sep 17 00:00:00 2001
From: Daniel Bennett
Date: Wed, 26 Mar 2025 12:36:08 -0400
Subject: [PATCH] sanitize auth method in create/update reply (#25519)

create/update APIs only work for someone who has the secret(s) in hand, but that someone could be a CI system, which might log output.
---
 nomad/acl_endpoint.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 955b9680a..dfe92ba2e 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
@@ -1947,7 +1947,7 @@ func (a *ACL) UpsertAuthMethods(
 return structs.NewErrRPCCodedf(400, "ACL auth method lookup failed: %v", err)
 }
 if lookupAuthMethod != nil {
- reply.AuthMethods = append(reply.AuthMethods, lookupAuthMethod)
+ reply.AuthMethods = append(reply.AuthMethods, lookupAuthMethod.Sanitize())
 }
 }
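Review bot: Nothing in this commit pins the redaction on the `reply.AuthMethods = append(...)` line: the diffstat shows only nomad/acl_endpoint.go changed, so a later refactor that drops `.Sanitize()` would put the secret back into the create/update reply with no test failing. I would add a case to the endpoint's tests that upserts a method carrying a secret and asserts the secret value is absent from the returned reply. A short why-comment above the append would also help, e.g. `// Sanitize: callers such as CI systems may log this reply, so never echo secrets back.` The body of `Sanitize()` is not visible here, and `lookupAuthMethod` appears to come from a state lookup, so it is worth confirming that it redacts a copy rather than the stored object in place. The body of `UpsertAuthMethods` starts and ends outside this hunk.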