Hi,
I want to make an API call by using an auth token which should not be passed as cleartext to the
logs.
The API request is working if I pass the Token via header in the format below:
{"Authorization":"TokenValueXYZ"}
But if I do it like this, it’s value is cleartext leaked to the Stackstorm logs. I tried to use “auth” parameter which fails all the time even if you use the example ‘x-auth-token=XYZ’.
Always an error like this is received:
'str' object is not callable
File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2actions/container/base.py", line 128, in _do_run
(status, result, context) = runner.run(action_params)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/http_runner/http_runner.py", line 113, in run
result = client.run()
File "/opt/stackstorm/st2/lib/python3.6/site-packages/http_runner/http_runner.py", line 262, in run
verify=self.verify
File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/sessions.py", line 516, in request
prep = self.prepare_request(req)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/sessions.py", line 459, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/models.py", line 318, in prepare
self.prepare_auth(auth, url)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/models.py", line 549, in prepare_auth
r = auth(self)
Is there any possibility to to use a token in a safe way? BasicAuth is not possible.
Thanks.