ConfigBuilder::authorization_provider (added in #194) injects an authorization
member — e.g. "Bearer <jwt>" — into the JSON-RPC request. The raw client logs the
full serialized request at TRACE, so the token is written to the logs in cleartext.
In src/raw_client.rs (0.25.0):
~L798: trace!("==> {}", String::from_utf8_lossy(&raw));
~L954: same, in the batch path.
Repro: any authenticated request with RUST_LOG=electrum_client=trace prints the
"authorization":"Bearer <jwt>" field. This is a credential leak for anyone using
authenticated Electrum proxies.
Suggested fix
Redact the authorization value before logging the request — e.g. log a copy with the
authorization field replaced by "<redacted>" (or omitted) instead of the raw bytes.
The response trace (<== {raw_resp}) is unaffected.
Happy to send a PR (follow-up to #194).
ConfigBuilder::authorization_provider(added in #194) injects anauthorizationmember — e.g.
"Bearer <jwt>"— into the JSON-RPC request. The raw client logs thefull serialized request at
TRACE, so the token is written to the logs in cleartext.In
src/raw_client.rs(0.25.0):~L798:trace!("==> {}", String::from_utf8_lossy(&raw));~L954: same, in the batch path.Repro: any authenticated request with
RUST_LOG=electrum_client=traceprints the"authorization":"Bearer <jwt>"field. This is a credential leak for anyone usingauthenticated Electrum proxies.
Suggested fix
Redact the
authorizationvalue before logging the request — e.g. log a copy with theauthorizationfield replaced by"<redacted>"(or omitted) instead of the raw bytes.The response trace (
<== {raw_resp}) is unaffected.Happy to send a PR (follow-up to #194).