Description
The current bootstrap function logs the entire Config object in plaintext. This results in credentials and private authentication tokens being written to the log stream, which could be exposed to unauthorized users via log management systems or monitoring dashboards.
Identified Leaks
The following sensitive fields are currently logged in plaintext:
- admin_password: The dashboard administrative password is fully visible.
- notification_urls: Third-party integration secrets (such as Telegram Bot tokens and Chat IDs) are exposed.
- agents_config tokens: The token values used for agent authentication are printed during startup.
Description
The current bootstrap function logs the entire Config object in plaintext. This results in credentials and private authentication tokens being written to the log stream, which could be exposed to unauthorized users via log management systems or monitoring dashboards.
Identified Leaks
The following sensitive fields are currently logged in plaintext: