Skip to content

removing logs which exposes critical details#572

Merged
mahammedtaheer merged 6 commits into
mosip:developfrom
nagendra0721:develop
Jun 10, 2026
Merged

removing logs which exposes critical details#572
mahammedtaheer merged 6 commits into
mosip:developfrom
nagendra0721:develop

Conversation

@nagendra0721

@nagendra0721 nagendra0721 commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Chores
    • Minor logging and formatting updates in the key management service; no functional changes to key handling or certificate behavior observed.

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@nagendra0721, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 27 minutes and 10 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cb16a5b3-7887-497d-bd19-fea6503cbc15

📥 Commits

Reviewing files that changed from the base of the PR and between eecbfd0 and 17f0ff3.

📒 Files selected for processing (2)
  • kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/helper/SessionKeyDecryptorHelper.java
  • kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java

Walkthrough

This PR makes only logging and whitespace/formatting changes in KeymanagerServiceImpl: log messages around HSM master-key discovery and private-key decryption were updated, an ED25519 conditional was reformatted, and one info-log line in generateECSignKey was reflowed. No behavioral changes.

Changes

Key and Certificate Material Preparation

Layer / File(s) Summary
Logging and formatting adjustments
kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java
Updated log statements and message text around master-key entry discovery and the start of decrypting the DB-stored encrypted private key; reformatted the keyAlgorithm conditional (ED25519 branch) and tweaked whitespace on a LOGGER.info(...) call. Cryptographic logic and return values are unchanged.

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 I danced through logs both neat and clear,
Tweaked messages so devs can peer,
Keys still decrypt the very same,
Just tidied text — no change in game! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: removing sensitive log statements that expose critical details in the keymanager service's cryptographic operations.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@vadherhemant vadherhemant left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java`:
- Around line 956-957: The LOGGER.info call in KeymanagerServiceImpl that
includes keyFromDBStore.toString() and decryptedPrivateKey.length exposes
sensitive cryptographic data; remove any serialization of keyFromDBStore and the
decryptedPrivateKey length from logs, instead log only non-sensitive identifiers
(e.g., a safe key store id or a masked alias) and a generic success message;
update the LOGGER.info invocation in KeymanagerServiceImpl to stop calling
keyFromDBStore.toString() and to omit decryptedPrivateKey, or replace them with
a single sanitized field (e.g., getKeyStoreId() or masked alias) to ensure no
private key material or cryptographic metadata is written to logs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fa5c09c1-a51b-46ba-b782-ca078fcc44cc

📥 Commits

Reviewing files that changed from the base of the PR and between 40bce84 and eecbfd0.

📒 Files selected for processing (1)
  • kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
@mahammedtaheer mahammedtaheer merged commit 238d38c into mosip:develop Jun 10, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants