Merge branch 'add-parameters' into 'master'

Add more parameters to the filter_parameters config.

Adds Sentry DSN, Webhooks, Deploy Keys, etc.

Alphabetized the parameters and included line breaks between each parameter. Easier to merge into EE if there are any differences.

This also seems to be the more popular syntax for adding new parameters, from what I can find.

In the future we may want to [increase the specificity of some of these](http://blog.bigbinary.com/2016/03/07/parameter-filtering-enhacement-rails-5.html) once Rails 5 is out. e.g. instead of `:hook`, `"hook.url"` would be just as effective without removing potentially useful information from the logs.

cc: @stanhu 

See merge request !3971

1 files changed, 24 insertions, 1 deletions

diff --git a/config/application.rb b/config/application.rb
index 2e2ed48db07..b602e2b6168 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -32,7 +32,30 @@ module Gitlab
     config.encoding = "utf-8"
 
     # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url)
+    # 
+    # Parameters filtered:
+    # - Password (:password, :password_confirmation)
+    # - Private tokens (:private_token)
+    # - Two-factor tokens (:otp_attempt)
+    # - Repo/Project Import URLs (:import_url)
+    # - Build variables (:variables)
+    # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
+    # - Webhook URLs (:hook)
+    # - Sentry DSN (:sentry_dsn)
+    # - Deploy keys (:key)
+    config.filter_parameters += %i(
+      certificate
+      encrypted_key
+      hook
+      import_url
+      key
+      otp_attempt
+      password
+      password_confirmation
+      private_token
+      sentry_dsn
+      variables
+    )
 
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true