From 8991c8b58990528c786fa9e084fd5dc11f4d04e0 Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin <valyala@victoriametrics.com>
Date: Wed, 20 Oct 2021 00:51:06 +0300
Subject: [PATCH] lib/flagutil: do not expose sensitive info (passwords, keys
 and urls) at /flags page

---
 lib/flagutil/flag.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/flagutil/flag.go b/lib/flagutil/flag.go
index 706dc13f0..919cef462 100644
--- a/lib/flagutil/flag.go
+++ b/lib/flagutil/flag.go
@@ -4,12 +4,17 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"strings"
 )
 
 // WriteFlags writes all the explicitly set flags to w.
 func WriteFlags(w io.Writer) {
 	flag.Visit(func(f *flag.Flag) {
+		lname := strings.ToLower(f.Name)
 		value := f.Value.String()
+		if IsSecretFlag(lname) {
+			value = "secret"
+		}
 		fmt.Fprintf(w, "-%s=%q\n", f.Name, value)
 	})
 }