Mask Webhook secret Key

XMLWordPrintable

    • 1
    • Severity 3 - Minor

      While configuring webhooks in bitbucket, we have the option to provide a secret key that is not masked, and hence the plain text secret key is visible in audit logs, kindly mask the secret key 

      Steps to reproduce 

      1. Configure webhook in Bitbucket server
      2. When the hook is created,modified we see the secret key in Plan text in the audit logs.

       

      Work Around : 

      Currently we only have one work around to turn off Local configuration and administration log level in audit settings, which also disables other useful login events which is not desirable.  

       

        1. image-2022-12-20-16-01-19-646.png
          86 kB
          Neeraj Upadhyay

            Assignee:
            Milly Wilson
            Reporter:
            Neeraj Upadhyay (Inactive)
            Votes:
            3 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: