TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-20 01:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/tailscale/cli: redact private key in debug netmap output by default

Browse Source 
This makes `tailscale debug watch-ipn` safe to use for troubleshooting
user issues, in addition to local debugging during development.

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson
2022-12-21 12:44:51 -08:00
committed by Dave Anderson
parent d72575eaaa
commit 91e64ca74f
3 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/tailscale/cli/debug.go
View File

@@ -134,6 +134,7 @@ var debugCmd = &ffcli.Command{
fs := newFlagSet("watch-ipn")
fs.BoolVar(&watchIPNArgs.netmap, "netmap", true, "include netmap in messages")
fs.BoolVar(&watchIPNArgs.initial, "initial", false, "include initial status")
fs.BoolVar(&watchIPNArgs.showPrivateKey, "show-private-key", false, "include node private key in printed netmap")
return fs
})(),
},
@@ -319,8 +320,9 @@ func runPrefs(ctx context.Context, args []string) error {
}
var watchIPNArgs struct {
netmap bool
initial bool
netmap bool
initial bool
showPrivateKey bool
}
func runWatchIPN(ctx context.Context, args []string) error {
@@ -328,6 +330,9 @@ func runWatchIPN(ctx context.Context, args []string) error {
if watchIPNArgs.initial {
mask = ipn.NotifyInitialState | ipn.NotifyInitialPrefs | ipn.NotifyInitialNetMap
}
if !watchIPNArgs.showPrivateKey {
mask |= ipn.NotifyNoPrivateKeys
}
watcher, err := localClient.WatchIPNBus(ctx, mask)
if err != nil {
return err