Skip to content

Remove dnceng-symbol-server-pat from publish-logs.yml redaction list#16868

Merged
missymessa merged 3 commits into
mainfrom
remove-dnceng-symbol-server-pat-redaction
May 26, 2026
Merged

Remove dnceng-symbol-server-pat from publish-logs.yml redaction list#16868
missymessa merged 3 commits into
mainfrom
remove-dnceng-symbol-server-pat-redaction

Conversation

@missymessa
Copy link
Copy Markdown
Member

@missymessa missymessa commented May 22, 2026

Summary

Remove the \dnceng-symbol-server-pat\ entry from the binlog redaction list in \�ng/common/core-templates/steps/publish-logs.yml.

Motivation

PR #16688 migrated symbol upload authentication from PAT-based auth to \DefaultIdentityTokenCredential\ (Entra). The PAT is no longer functionally used for symbol publishing. This cleanup removes the now-unnecessary redaction entry.

Changes

  • Removed ''\ from the
    edact-logs.ps1\ arguments in \publish-logs.yml\

Related

@missymessa
Remove dnceng-symbol-server-pat from publish-logs.yml redaction list
5ab60e3 
The PAT is no longer used for symbol upload authentication since PR #16688
migrated to DefaultIdentityTokenCredential (Entra auth). The redaction
entry is no longer needed.

Relates to: dnceng/internal#10150
Copilot AI review requested due to automatic review settings May 22, 2026 21:35
Copilot AI reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes the dnceng-symbol-server-pat entry from the sensitive-token list passed to the post-build log/binlog redaction step (publish-logs.yml), as follow-up cleanup after migrating symbol publishing authentication away from PATs.

Changes:

  • Removed $(dnceng-symbol-server-pat) from the arguments passed to eng/common/post-build/redact-logs.ps1.

Comment thread eng/common/core-templates/steps/publish-logs.yml
@missymessa missymessa requested review from hoyosjs and mmitche May 22, 2026 21:39
@missymessa
Also remove dnceng-symbol-server-pat from vault config
ffb61a0 
Remove the secret manifest entry so the PAT is no longer provisioned
to EngKeyVault. This addresses the defense-in-depth concern: removing
both the source (vault config) and the redaction entry together ensures
the token cannot leak in binlogs.
@missymessa
Copy link
Copy Markdown
Member Author

missymessa commented May 22, 2026

Addressed the review feedback: added a second commit that removes the dnceng-symbol-server-pat entry from .vault-config/product-builds-engkeyvault.yaml. This way the secret is no longer provisioned to EngKeyVault, and removing the redaction entry is safe since the token can't appear in builds anymore.

@build-analysis build-analysis Bot mentioned this pull request May 23, 2026
Open
3 tasks
Copilot AI review requested due to automatic review settings May 26, 2026 19:58
Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@missymessa missymessa enabled auto-merge (squash) May 26, 2026 20:23
@missymessa missymessa merged commit 684fd43 into main May 26, 2026
11 of 12 checks passed
@missymessa missymessa deleted the remove-dnceng-symbol-server-pat-redaction branch May 26, 2026 22:26
@dotnet-maestro dotnet-maestro Bot mentioned this pull request May 27, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hoyosjs hoyosjs hoyosjs approved these changes

@mmitche mmitche Awaiting requested review from mmitche

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@missymessa @hoyosjs