Skip to content

[cmd/opampsupervisor] Redact HTTP headers in debug message #43781

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
songy23 merged 2 commits into from
Nov 5, 2025
Merged

[cmd/opampsupervisor] Redact HTTP headers in debug message #43781

songy23 merged 2 commits into from
Nov 5, 2025

Conversation

@johannaojeling
Copy link
Member

@johannaojeling johannaojeling commented Oct 26, 2025

Description

Redacts the user-provided HTTP header values when writing them in a debug message on OpAMP server startup.

If using the following example config:

server:
  endpoint: "http://127.0.0.1:8080/v1/opamp"
  headers:
    Authorization: "Basic dXNlcjpwd2QK"

agent:
  executable: ./bin/otelcol-contrib

telemetry:
  logs:
    level: debug

The log output will now look like:

{"level":"debug","ts":1761474887.360533,"logger":"supervisor","caller":"supervisor/supervisor.go:663","msg":"Connecting to OpAMP server...","endpoint":"http://127.0.0.1:8080/v1/opamp","headers":{"Authorization":["[REDACTED]"]}}

Link to tracking issue

Fixes #43780

Testing

Added unit tests for OpAMPServer.OpaqueHeaders() method.

Documentation

@TylerHelmuth
Copy link
Member

TylerHelmuth commented Nov 4, 2025

Please add a changelong

@songy23 songy23 merged commit f1f50ba into open-telemetry:main Nov 5, 2025
189 checks passed
@github-actions github-actions bot added this to the next release milestone Nov 5, 2025
@github-actions github-actions bot mentioned this pull request Nov 5, 2025
Open
jelly-afk pushed a commit to jelly-afk/opentelemetry-collector-contrib that referenced this pull request Nov 6, 2025
@johannaojeling @jelly-afk
[cmd/opampsupervisor] Redact HTTP headers in debug message (open-tele…
9d44024 
…metry#43781)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description
Redacts the user-provided HTTP header values when writing them in a
debug message on OpAMP server startup.

If using the following example config:

```yaml
server:
  endpoint: "http://127.0.0.1:8080/v1/opamp"
  headers:
    Authorization: "Basic dXNlcjpwd2QK"

agent:
  executable: ./bin/otelcol-contrib

telemetry:
  logs:
    level: debug
```

The log output will now look like:

```
{"level":"debug","ts":1761474887.360533,"logger":"supervisor","caller":"supervisor/supervisor.go:663","msg":"Connecting to OpAMP server...","endpoint":"http://127.0.0.1:8080/v1/opamp","headers":{"Authorization":["[REDACTED]"]}}
```

<!-- Issue number (e.g. open-telemetry#1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
Fixes
open-telemetry#43780

<!--Describe what testing was performed and which tests were added.-->
#### Testing
Added unit tests for `OpAMPServer.OpaqueHeaders()` method.

<!--Describe the documentation added.-->
#### Documentation

<!--Please delete paragraphs that you did not use before submitting.-->
@johannaojeling johannaojeling deleted the opampsupervisor-redact-headers branch November 10, 2025 08:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TylerHelmuth TylerHelmuth TylerHelmuth approved these changes

@evan-bradley evan-bradley Awaiting requested review from evan-bradley evan-bradley is a code owner

@atoulme atoulme Awaiting requested review from atoulme atoulme is a code owner

@tigrannajaryan tigrannajaryan Awaiting requested review from tigrannajaryan tigrannajaryan is a code owner

+1 more reviewer

@iblancasa iblancasa iblancasa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@bogdandrutu bogdandrutu

Labels

cmd/opampsupervisor

Projects

None yet

Milestone

v0.140.1

Development

Successfully merging this pull request may close these issues.

[cmd/opampsupervisor] Sensitive HTTP header values exposed in debug logs

5 participants

@johannaojeling @TylerHelmuth @iblancasa @bogdandrutu @songy23