Skip to content

Commit a30e5b9

Browse files
UgnineSirdisUgnineSirdis
authored
EXT-1770 Don't show certificate/private key fields in configs dispatcher in developer UI (#30274)
1 parent 804872d commit a30e5b9

File tree

1 file changed

+15
-14
lines changed

1 file changed

+15
-14
lines changed

ydb/core/protos/config.proto

Lines changed: 15 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ import "ydb/library/actors/protos/interconnect.proto";
4242
import "yql/essentials/core/file_storage/proto/file_storage.proto";
4343
import "yql/essentials/providers/common/proto/gateways_config.proto";
4444
import "ydb/core/protos/s3_settings.proto";
45+
import "ydb/public/api/protos/annotations/sensitive.proto";
4546

4647
package NKikimrConfig;
4748
option java_package = "ru.yandex.kikimr.proto";
@@ -409,7 +410,7 @@ message TBlobStorageFormatConfig {
409410

410411
message TUAClientConfig {
411412
optional string Uri = 1;
412-
optional string SharedSecretKey = 2;
413+
optional string SharedSecretKey = 2 [(Ydb.sensitive) = true];
413414
optional uint64 MaxInflightBytes = 3 [default = 100000000];
414415
optional uint64 GrpcReconnectDelayMs = 4;
415416
optional uint64 GrpcSendDelayMs = 5;
@@ -494,8 +495,8 @@ message TInterconnectConfig {
494495
optional bool TlsAuthOnly = 38; // do not encrypt traffic
495496
repeated string ForbiddenSignatureAlgorithms = 50;
496497
optional bool EnforceScopeValidation = 18;
497-
optional bytes Certificate = 30; // in PEM format
498-
optional bytes PrivateKey = 31; // in PEM format
498+
optional bytes Certificate = 30 [(Ydb.sensitive) = true]; // in PEM format
499+
optional bytes PrivateKey = 31 [(Ydb.sensitive) = true]; // in PEM format
499500
optional string PathToCertificateFile = 35;
500501
optional string PathToPrivateKeyFile = 36;
501502
optional string PathToCaFile = 37;
@@ -606,7 +607,7 @@ message TMonitoringConfig {
606607
optional string ProcessLocation = 11;
607608
optional string AllowOrigin = 12;
608609
optional string RedirectMainPageTo = 13 [default = "monitoring/"];
609-
optional string MonitoringCertificate = 14;
610+
optional string MonitoringCertificate = 14 [(Ydb.sensitive) = true];
610611
optional string MonitoringCertificateFile = 15;
611612
optional string MemAllocDumpPathPrefix = 16;
612613
optional uint32 MaxRequestsPerSecond = 17 [default = 0];
@@ -775,9 +776,9 @@ message TGRpcConfig {
775776
optional NKikimrStream.TStreamingConfig StreamingConfig = 8;
776777
// Ssl part
777778
optional uint32 SslPort = 9;
778-
optional string CA = 10;
779-
optional string Cert = 11;
780-
optional string Key = 12;
779+
optional string CA = 10 [(Ydb.sensitive) = true];
780+
optional string Cert = 11 [(Ydb.sensitive) = true];
781+
optional string Key = 12 [(Ydb.sensitive) = true];
781782
optional string PathToCertificateFile = 27;
782783
optional string PathToPrivateKeyFile = 28;
783784
optional string PathToCaFile = 29;
@@ -889,9 +890,9 @@ message THttpProxyConfig {
889890
optional bool Enabled = 1;
890891
optional uint32 Port = 2;
891892
optional bool Secure = 3;
892-
optional string CA = 4;
893-
optional string Cert = 5;
894-
optional string Key = 6;
893+
optional string CA = 4 [(Ydb.sensitive) = true];
894+
optional string Cert = 5 [(Ydb.sensitive) = true];
895+
optional string Key = 6 [(Ydb.sensitive) = true];
895896

896897
repeated string YandexCloudServiceRegion = 7;
897898
optional string IamTokenServiceEndpoint = 8;
@@ -2739,7 +2740,7 @@ message TClientCertificateAuthorization {
27392740

27402741
message TLocalPgWireConfig {
27412742
optional int32 ListeningPort = 1 [default = 5432];
2742-
optional string SslCertificate = 5;
2743+
optional string SslCertificate = 5 [(Ydb.sensitive) = true];
27432744
optional string Address = 6 [default = "::"];
27442745
optional bool TcpNotDelay = 7 [default = true];
27452746
}
@@ -2751,9 +2752,9 @@ message TKafkaProxyConfig {
27512752

27522753
// You can either specify the path to the certificate, which will contain both the certificate and the private key,
27532754
// or specify them separately in parameters Cert and Key.
2754-
optional string SslCertificate = 3;
2755-
optional string Cert = 8;
2756-
optional string Key = 9;
2755+
optional string SslCertificate = 3 [(Ydb.sensitive) = true];
2756+
optional string Cert = 8 [(Ydb.sensitive) = true];
2757+
optional string Key = 9 [(Ydb.sensitive) = true];
27572758

27582759
optional uint64 MaxMessageSize = 4 [default = 16777216];
27592760
optional uint64 MaxInflightSize = 5 [default = 16777216];

0 commit comments

Comments
 (0)