Mathias 4af1036423 fix(ingestion): redact password from BRAIN_PG_DSN log line ...

The previous "crude redaction" — pgDSN[:strings.IndexByte(pgDSN+"@", '@')] —
sliced up to the `@` character, which sits *after* the password in a
postgres URL, so the log line included the password in plaintext (caught
on first activation, 2026-05-18 startup log).

Use url.Parse + URL.Redacted() instead. Falls back to "postgres://***"
if parsing fails — we never log a raw DSN.

2026-05-19 13:04:12 +02:00

8.6 KiB

Raw Blame History

View Raw