cli: redact config output

evcc-io · Feb 14, 2025 · 0b5376b · 0b5376b
1 parent 6fb3dbb
commit 0b5376b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 11 deletions.
diff --git a/cmd/config.go b/cmd/config.go
@@ -1,7 +1,9 @@
 package cmd
 
 import (
+	"encoding/json"
 	"fmt"
+	"slices"
 	"strings"
 
 	"github.com/evcc-io/evcc/util/config"
@@ -54,7 +56,20 @@ func runConfig(cmd *cobra.Command, args []string) {
 			}
 
 			for _, c := range configurable {
-				fmt.Println(config.NameForID(c.ID), "type:"+c.Type, c.Value)
+
+				var j map[string]any
+				if err := json.Unmarshal([]byte(c.Value), &j); err != nil {
+					panic(err)
+				}
+
+				for k := range j {
+					if slices.Contains(redactSecrets, k) {
+						j[k] = "*****"
+					}
+				}
+
+				jstr, _ := json.Marshal(j)
+				fmt.Println(config.NameForID(c.ID), "type:"+c.Type, string(jstr))
 			}
 
 			fmt.Println("")

diff --git a/cmd/helper.go b/cmd/helper.go
@@ -1,11 +1,13 @@
 package cmd
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
 	"os"
 	"regexp"
+	"slices"
 	"strings"
 
 	"github.com/evcc-io/evcc/cmd/shutdown"
@@ -45,22 +47,39 @@ func unwrap(err error) (res []string) {
 	return
 }
 
+var redactSecrets = []string{
+	"mac",                   // infrastructure
+	"sponsortoken", "plant", // global settings
+	"user", "password", "pin", // users
+	"token", "access", "refresh", "accesstoken", "refreshtoken", // tokens, including template variations
+	"ain", "secret", "serial", "deviceid", "machineid", "idtag", // devices
+	"app", "chats", "recipients", // push messaging
+	"vin", // vehicles
+}
+
 // redact redacts a configuration string
 func redact(src string) string {
-	secrets := []string{
-		"mac",                   // infrastructure
-		"sponsortoken", "plant", // global settings
-		"user", "password", "pin", // users
-		"token", "access", "refresh", "accesstoken", "refreshtoken", // tokens, including template variations
-		"ain", "secret", "serial", "deviceid", "machineid", "idtag", // devices
-		"app", "chats", "recipients", // push messaging
-		"vin", // vehicles
-	}
 	return regexp.
-		MustCompile(fmt.Sprintf(`(?i)\b(%s)\b.*?:.*`, strings.Join(secrets, "|"))).
+		MustCompile(fmt.Sprintf(`(?i)\b(%s)\b.*?:.*`, strings.Join(redactSecrets, "|"))).
 		ReplaceAllString(src, "$1: *****")
 }
 
+func redactJson(src string) string {
+	var j map[string]any
+	if err := json.Unmarshal([]byte(src), &j); err != nil {
+		panic(err)
+	}
+
+	for k := range j {
+		if slices.Contains(redactSecrets, k) {
+			j[k] = "*****"
+		}
+	}
+
+	res, _ := json.Marshal(j)
+	return string(res)
+}
+
 // fatal logs a fatal error and runs shutdown functions before terminating
 func fatal(err error) {
 	log.FATAL.Println(err)