From 4ed73282d204e5aa5dec67b308a235af6097427b Mon Sep 17 00:00:00 2001
From: Ellis Percival <flyte@failcode.co.uk>
Date: Mon, 20 Apr 2026 12:02:11 +0100
Subject: [PATCH] Redact sensitive fields from the client config before
 loggging them. Fixes #25

---
 main.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/main.js b/main.js
index 82227f1..5ea7397 100644
--- a/main.js
+++ b/main.js
@@ -13,6 +13,17 @@ const Constants = {
 	RECONNECT_INVERVAL_MS: 1000
 }
 
+// Redact sensitive fields from the client config for logging purposes
+function redactClientConfig(clientConfig) {
+	const redacted = { ...clientConfig }
+	for (const field of ['privateKey', 'password', 'passphrase']) {
+		if (redacted[field]) {
+			redacted[field] = '[REDACTED]'
+		}
+	}
+	return redacted
+}
+
 class SSHInstance extends InstanceBase {
 	constructor(internal) {
 		super(internal)
@@ -111,7 +122,7 @@ class SSHInstance extends InstanceBase {
 
 			this.sshClient.on('error', (err) => {
 				this.log('error', 'Server connection error: ' + err)
-				this.log('error', JSON.stringify(clientConfig))
+				this.log('error', JSON.stringify(redactClientConfig(clientConfig)))
 				this.updateStatus(InstanceStatus.ConnectionFailure)
 				this.queueReconnect()
 			})