Merge pull request #10595 from lafirest/fix/password_redact

fix: add new sensitive keywords to redact checklist

apps/emqx_utils/src/emqx_utils.erl

@@ -581,6 +581,15 @@ is_sensitive_key(<<"password">>) -> true;
 is_sensitive_key(secret) -> true;
 is_sensitive_key("secret") -> true;
 is_sensitive_key(<<"secret">>) -> true;
+is_sensitive_key(secret_key) -> true;
+is_sensitive_key("secret_key") -> true;
+is_sensitive_key(<<"secret_key">>) -> true;
+is_sensitive_key(security_token) -> true;
+is_sensitive_key("security_token") -> true;
+is_sensitive_key(<<"security_token">>) -> true;
+is_sensitive_key(aws_secret_access_key) -> true;
+is_sensitive_key("aws_secret_access_key") -> true;
+is_sensitive_key(<<"aws_secret_access_key">>) -> true;
 is_sensitive_key(_) -> false.
 
 redact(Term) ->

lib-ee/emqx_ee_connector/src/emqx_ee_connector_dynamo.erl

@@ -48,7 +48,11 @@ fields(config) ->
         {aws_secret_access_key,
             mk(
                 binary(),
-                #{required => true, desc => ?DESC("aws_secret_access_key")}
+                #{
+                    required => true,
+                    desc => ?DESC("aws_secret_access_key"),
+                    sensitive => true
+                }
             )},
         {pool_size, fun emqx_connector_schema_lib:pool_size/1},
         {auto_reconnect, fun emqx_connector_schema_lib:auto_reconnect/1}

lib-ee/emqx_ee_connector/src/emqx_ee_connector_rocketmq.erl

@@ -52,9 +52,10 @@ fields(config) ->
         {secret_key,
             mk(
                 binary(),
-                #{default => <<>>, desc => ?DESC("secret_key")}
+                #{default => <<>>, desc => ?DESC("secret_key"), sensitive => true}
             )},
-        {security_token, mk(binary(), #{default => <<>>, desc => ?DESC(security_token)})},
+        {security_token,
+            mk(binary(), #{default => <<>>, desc => ?DESC(security_token), sensitive => true})},
         {sync_timeout,
             mk(
                 emqx_schema:duration(),