don't log some plaintext secret info

2023-04-03 12:05:53 +10:00
parent 81d67088f3
commit b00c6fd36d
2 changed files with 16 additions and 16 deletions
--- a/main.go
+++ b/main.go
@@ -8,7 +8,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
@@ -51,7 +50,12 @@ func main() {
 	// Global middleware
 	// Logger middleware will write the logs to gin.DefaultWriter even if you set with GIN_MODE=release.
 	// By default gin.DefaultWriter = os.Stdout
-	gin.DefaultWriter = io.MultiWriter(logfileWriter, os.Stdout)
+
 	// log to file only
 	gin.DefaultWriter = logfileWriter
 	// log to file and stdout
 	//gin.DefaultWriter = io.MultiWriter(logfileWriter, os.Stdout)
 	router.Use(gin.Logger())
 	// Recovery middleware recovers from any panics and writes a 500 if there was one.
--- a/models/secret.go
+++ b/models/secret.go
@@ -125,10 +125,9 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
 	// The key argument should be the AES key, either 16 or 32 bytes
 	// to select AES-128 or AES-256.
 	key := []byte(keyString)
 	//key := []byte("ECB518652A170880555136EA1F9752D6")
 	plaintext := []byte(s.Secret)
-	log.Printf("EncryptSecret applying key '%v' of length '%d' to plaintext secret '%s'\n", key, len(key), s.Secret)
+	//log.Printf("EncryptSecret applying key '%v' of length '%d' to plaintext secret '%s'\n", key, len(key), s.Secret)
 	block, err := aes.NewCipher(key)
 	if err != nil {
@@ -142,7 +141,7 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
 		log.Printf("EncryptSecret nonce generation error '%s'\n", err)
 		return s, err
 	}
-	log.Printf("EncryptSecret random nonce value is '%x'\n", nonce)
+	//log.Printf("EncryptSecret random nonce value is '%x'\n", nonce)
 	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
@@ -151,12 +150,12 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
 	}
 	ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
-	log.Printf("EncryptSecret generated ciphertext '%x''\n", ciphertext)
+	//log.Printf("EncryptSecret generated ciphertext '%x''\n", ciphertext)
 	// Create a new slice to store nonce at the start and then the resulting ciphertext
 	// Nonce is always 12 bytes
 	combinedText := append(nonce, ciphertext...)
-	log.Printf("EncryptSecret combined secret value is now '%x'\n", combinedText)
+	//log.Printf("EncryptSecret combined secret value is now '%x'\n", combinedText)
 	// Store the value back into the struct ready for database operations
 	s.Secret = hex.EncodeToString(combinedText)
@@ -167,12 +166,10 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
 }
 func (s *Secret) DecryptSecret() (*Secret, error) {
 	keyString := os.Getenv("SECRETS_KEY")
 	key := []byte(keyString)
 	// The key argument should be the AES key, either 16 or 32 bytes
 	// to select AES-128 or AES-256.
-	//key := []byte("ECB518652A170880555136EA1F9752D6")
+	keyString := os.Getenv("SECRETS_KEY")
 	key := []byte(keyString)
 	if len(s.Secret) < nonceSize {
 		log.Printf("DecryptSecret ciphertext is too short to decrypt\n")
@@ -185,14 +182,13 @@ func (s *Secret) DecryptSecret() (*Secret, error) {
 		return s, err
 	}
-	log.Printf("DecryptSecret processing secret '%x'\n", crypted)
+	//log.Printf("DecryptSecret processing secret '%x'\n", crypted)
 	//nonce, _ := hex.DecodeString("64a9433eae7ccceee2fc0eda")
 	// The nonce is the first 12 bytes from the ciphertext
 	nonce := crypted[:nonceSize]
 	ciphertext := crypted[nonceSize:]
-	log.Printf("DecryptSecret applying key '%v' and nonce '%x' to ciphertext '%x'\n", key, nonce, ciphertext)
+	//log.Printf("DecryptSecret applying key '%v' and nonce '%x' to ciphertext '%x'\n", key, nonce, ciphertext)
 	block, err := aes.NewCipher(key)
 	if err != nil {
@@ -212,7 +208,7 @@ func (s *Secret) DecryptSecret() (*Secret, error) {
 		return s, err
 	}
-	log.Printf("DecryptSecret plaintext is '%s'\n", plaintext)
+	//log.Printf("DecryptSecret plaintext is '%s'\n", plaintext)
 	s.Secret = string(plaintext)
 	return s, nil