diff --git a/pkg/config/config.go b/pkg/config/config.go index 054cf619a..7cec55669 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -502,7 +502,7 @@ type GRPCServer struct { // GRPCServerTLSConfig describes gRPC server TLS configuration.m type GRPCServerTLSConfig struct { - CACertificate []byte `yaml:"caCertificate"` + CACertificate []byte `yaml:"caCertificate,omitempty"` UseSystemCertPool bool `yaml:"useSystemCertPool"` InsecureSkipVerify bool `yaml:"insecureSkipVerify"` } diff --git a/pkg/execute/config.go b/pkg/execute/config.go index 3a1dbf391..369407493 100644 --- a/pkg/execute/config.go +++ b/pkg/execute/config.go @@ -62,17 +62,22 @@ func (e *ConfigExecutor) renderBotkubeConfiguration() (string, error) { // hide sensitive info // TODO: avoid printing sensitive data without need to resetting them manually (which is an error-prone approach) - for key, old := range cfg.Communications { - old.Slack.Token = redactedSecretStr - old.SocketSlack.AppToken = redactedSecretStr - old.SocketSlack.BotToken = redactedSecretStr - old.Elasticsearch.Password = redactedSecretStr - old.Discord.Token = redactedSecretStr - old.Mattermost.Token = redactedSecretStr - old.Teams.AppPassword = redactedSecretStr + for key, val := range cfg.Communications { + val.Slack.Token = redactedSecretStr + val.SocketSlack.AppToken = redactedSecretStr + val.SocketSlack.BotToken = redactedSecretStr + val.Elasticsearch.Password = redactedSecretStr + val.Discord.Token = redactedSecretStr + val.Mattermost.Token = redactedSecretStr + val.Teams.AppPassword = redactedSecretStr + val.CloudSlack.Token = redactedSecretStr + + // To keep the printed config readable, we don't print the certificate bytes. + val.CloudSlack.Server.TLS.CACertificate = nil + val.CloudTeams.Server.TLS.CACertificate = nil // maps are not addressable: https://stackoverflow.com/questions/42605337/cannot-assign-to-struct-field-in-a-map - cfg.Communications[key] = old + cfg.Communications[key] = val } b, err := yaml.Marshal(cfg)