From f23580eb21a9b1e5a3110f9245e0cdb0b5c87b27 Mon Sep 17 00:00:00 2001
From: Jeff Ortel <jortel@redhat.com>
Date: Wed, 8 Oct 2025 11:26:01 -0500
Subject: [PATCH 1/3] Ensure settings are redacted.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
---
 cmd/main.go     |  2 +-
 settings/all.go | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/cmd/main.go b/cmd/main.go
index bdd2ae82d..761064a1b 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -128,7 +128,7 @@ func printHeap() {
 
 // main.
 func main() {
-	log.Info("Started", "settings", Settings)
+	log.Info("Started:\n" + Settings.String())
 	var err error
 	defer func() {
 		if err != nil {
diff --git a/settings/all.go b/settings/all.go
index e69e9adb7..477208e37 100644
--- a/settings/all.go
+++ b/settings/all.go
@@ -3,6 +3,8 @@ package settings
 import (
 	"os"
 	"strconv"
+
+	"gopkg.in/yaml.v2"
 )
 
 var Settings TackleSettings
@@ -34,6 +36,15 @@ func (r *TackleSettings) Load() (err error) {
 	return
 }
 
+// String returns a YAML representation.
+// Redacted as needed.
+func (r TackleSettings) String() (s string) {
+	r.Encryption.Passphrase = "********"
+	b, _ := yaml.Marshal(r)
+	s = string(b)
+	return
+}
+
 // Get boolean.
 func getEnvBool(name string, def bool) bool {
 	boolean := def

From be96181031c1bdfff8b4945ecedba9e1482d1895 Mon Sep 17 00:00:00 2001
From: Jeff Ortel <jortel@redhat.com>
Date: Wed, 8 Oct 2025 16:49:43 -0500
Subject: [PATCH 2/3] checkpoint

Signed-off-by: Jeff Ortel <jortel@redhat.com>
---
 settings/all.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/settings/all.go b/settings/all.go
index 477208e37..cd3cfa26b 100644
--- a/settings/all.go
+++ b/settings/all.go
@@ -40,7 +40,10 @@ func (r *TackleSettings) Load() (err error) {
 // Redacted as needed.
 func (r TackleSettings) String() (s string) {
 	r.Encryption.Passphrase = "********"
-	b, _ := yaml.Marshal(r)
+	b, err := yaml.Marshal(r)
+	if err != nil {
+		panic(err)
+	}
 	s = string(b)
 	return
 }

From 8450ecf8dbbaf40959514fcda782754a37c5877d Mon Sep 17 00:00:00 2001
From: Jeff Ortel <jortel@redhat.com>
Date: Wed, 8 Oct 2025 17:51:33 -0500
Subject: [PATCH 3/3] redact keycloak fields.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
---
 settings/all.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/settings/all.go b/settings/all.go
index cd3cfa26b..08683df2f 100644
--- a/settings/all.go
+++ b/settings/all.go
@@ -39,7 +39,11 @@ func (r *TackleSettings) Load() (err error) {
 // String returns a YAML representation.
 // Redacted as needed.
 func (r TackleSettings) String() (s string) {
-	r.Encryption.Passphrase = "********"
+	redacted := "********"
+	r.Encryption.Passphrase = redacted
+	r.Auth.Keycloak.ClientSecret = redacted
+	r.Auth.Keycloak.Admin.Pass = redacted
+	r.Auth.Keycloak.Admin.User = redacted
 	b, err := yaml.Marshal(r)
 	if err != nil {
 		panic(err)