From acee8c8a88809a875c36a64059d2b1bdfd0ec4fe Mon Sep 17 00:00:00 2001
From: Nick Pillitteri <56quarters@users.noreply.github.com>
Date: Thu, 23 Sep 2021 14:34:09 -0400
Subject: [PATCH] Redact remote write URL when used for metric label (#9383)

Redact any basic auth passwords in the remote write URL (which are
technically allowed although not recommended) when used as metric
labels.

Signed-off-by: Nick Pillitteri <nick.pillitteri@grafana.com>
---
 storage/remote/write.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/storage/remote/write.go b/storage/remote/write.go
index 2d96f70ae..b3fec364a 100644
--- a/storage/remote/write.go
+++ b/storage/remote/write.go
@@ -158,7 +158,10 @@ func (rws *WriteStorage) ApplyConfig(conf *config.Config) error {
 			continue
 		}
 
-		endpoint := rwConf.URL.String()
+		// Redacted to remove any passwords in the URL (that are
+		// technically accepted but not recommended) since this is
+		// only used for metric labels.
+		endpoint := rwConf.URL.Redacted()
 		newQueues[hash] = NewQueueManager(
 			newQueueManagerMetrics(rws.reg, name, endpoint),
 			rws.watcherMetrics,