This site is in read only mode. Please continue to browse, but replying, likes, and other actions are disabled for now.

⚠️ We've moved!

Hi there!

To reduce project dependency on 3rd party paid services the StackStorm TSC has decided to move the Q/A from this forum to Github Discussions. This will make user experience better integrated with the native Github flow, as well as the questions closer to the community where they can provide answers.

Use 🔗 Github Discussions to ask your questions.

How can Auth Tokens be used securly in core.http runner?


I want to make an API call by using an auth token which should not be passed as cleartext to the logs.
The API request is working if I pass the Token via header in the format below:


But if I do it like this, it’s value is cleartext leaked to the Stackstorm logs. I tried to use “auth” parameter which fails all the time even if you use the example ‘x-auth-token=XYZ’.

Always an error like this is received:

'str' object is not callable
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2actions/container/", line 128, in _do_run
    (status, result, context) =
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/http_runner/", line 113, in run
    result =
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/http_runner/", line 262, in run
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 516, in request
    prep = self.prepare_request(req)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 459, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 318, in prepare
    self.prepare_auth(auth, url)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 549, in prepare_auth
    r = auth(self)

Is there any possibility to to use a token in a safe way? BasicAuth is not possible.