Follow-up to #938 / PR #951.
What
The pattern logger.info(f"DATABASE_URL : {DATABASE_URL}") lived in components/lif/mdr_utils/database_setup.py. It's plausibly been copied into other service-side modules in this monorepo. Audit + fix.
Likely suspects
- components/lif/graphql_*/...
- components/lif/translator_*/...
- components/lif/advisor_api/... (and any other *_api)
- components/lif/query_cache_*/...
- components/lif/identity_mapper/...
- orchestrators/dagster/... (Dagster jobs use their own DB; same pattern risk)
Approach
Quick grep:
grep -rnE 'DATABASE_URL\s*:?\s*\{|logger\.info.*DATABASE_URL|logger\.info.*postgres(ql)?://' \
components/ bases/ projects/ orchestrators/
For any hit, apply the same fix shape as PR #951: redact the password before logging (extract _redact_url to a shared util if more than one service needs it).
Definition of done
- grep returns no matches for the leaking pattern.
- Any module that does log a connection URL routes through a redacting helper.
- Spot-check production log groups for the dev / demo equivalents of the affected services.
Related
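Added example, not part of the original issue and not the `_redact_url` from PR #951: one way a shared redacting helper could look, failing closed when the URL cannot be parsed safely. The name `redact_url`, the `SECRET_PARAMS` list, the placeholder string and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MASK = "***"
PLACEHOLDER = "<unparseable url redacted>"
# Assumed list of query parameters that can carry a secret.
SECRET_PARAMS = {"password", "passwd", "pwd", "sslpassword"}


def redact_url(url: str) -> str:
    """Return url with the userinfo password and secret query params masked."""
    try:
        parts = urlsplit(url)
        _ = parts.port  # raises ValueError when the netloc is malformed
    except ValueError:
        return PLACEHOLDER
    # An unencoded "/", "?" or "#" inside the password pushes the rest of the
    # secret (and the real "@host") into path, query or fragment: fail closed.
    tail = parts.path + parts.query + parts.fragment
    if not parts.scheme or not parts.netloc or "@" in tail:
        return PLACEHOLDER
    # rpartition: an unencoded "@" in the password stays inside the userinfo.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if at:
        user, colon, _password = userinfo.partition(":")
        netloc = f"{user}:{MASK}@{hostport}" if colon else f"{user}@{hostport}"
    else:
        netloc = hostport
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = urlencode(
        [(k, MASK if k.lower() in SECRET_PARAMS else v) for k, v in pairs],
        safe="*",
    )
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real deployment.
    for sample in (
        "postgresql://lif:s3cr3t@db.internal:5432/mdr",
        "postgresql+psycopg2://lif:p@ss:w0rd@db:5432/mdr?sslmode=require",
        "postgresql://lif@db/mdr?password=hunter2&sslmode=require",
        "postgresql://lif:pa/ss@db/mdr",
    ):
        print(redact_url(sample))
```

Call sites would then log `redact_url(DATABASE_URL)` instead of the raw value, which keeps host, port and database name visible for debugging.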