From ef6236034219600c949f67ec2758814d8b01b8e3 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi
Date: Thu, 30 Jun 2016 13:15:43 -0700
Subject: [PATCH] Mask swarm secrets from daemon logs
Signed-off-by: Tonis Tiigi
(cherry picked from commit 8b8f86aec95ec73881c2dfb6e990784014d61e6e)
Signed-off-by: Tibor Vass
---
 api/server/middleware/debug.go | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/api/server/middleware/debug.go b/api/server/middleware/debug.go
index 6af8aa54d1..e0167f0a71 100644
--- a/api/server/middleware/debug.go
+++ b/api/server/middleware/debug.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "io"
 "net/http"
+ "strings"
 "github.com/Sirupsen/logrus"
 "github.com/docker/docker/api/server/httputils"
@@ -40,9 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 var postForm map[string]interface{}
 if err := json.Unmarshal(b, &postForm); err == nil {
- if _, exists := postForm["password"]; exists {
- postForm["password"] = "*****"
- }
+ maskSecretKeys(postForm)
 formStr, errMarshal := json.Marshal(postForm)
 if errMarshal == nil {
 logrus.Debugf("form data: %s", string(formStr))
@@ -54,3 +53,24 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 return handler(ctx, w, r, vars)
 }
 }
+
+func maskSecretKeys(inp interface{}) {
+ if arr, ok := inp.([]interface{}); ok {
+ for _, f := range arr {
+ maskSecretKeys(f)
+ }
+ return
+ }
+ if form, ok := inp.(map[string]interface{}); ok {
+ loop0:
+ for k, v := range form {
+ for _, m := range []string{"password", "secret"} {
+ if strings.EqualFold(m, k) {
+ form[k] = "*****"
+ continue loop0
+ }
+ }
+ maskSecretKeys(v)
+ }
+ }
+}
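Review bot: In the new `maskSecretKeys`, a value is redacted only when its key is exactly `password` or `secret` (compared case-insensitively with `strings.EqualFold`), so a credential carried under any other name, including a key that merely contains one of those words, still reaches `logrus.Debugf` in clear text. If over-masking a debug line is acceptable, match on the lower-cased key instead, `if strings.Contains(strings.ToLower(k), m) {`, and hoist the list into a package-level `var secretKeys = []string{"password", "secret"}` so it is not rebuilt for every key and is easy to extend. The function also lacks a doc comment. Something like `// maskSecretKeys walks decoded JSON and overwrites the value of any password or secret key with "*****", in place.` would tell maintainers that it mutates its argument and is a denylist, not a guarantee that the log is free of secrets.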