
Cache credentials and the private key are exposed in the logs #176

Closed
Inkvi opened this issue Oct 8, 2024 · 1 comment · Fixed by #194

Comments

@Inkvi (Contributor) commented Oct 8, 2024

When the proxy starts, it prints the proxy server config as a log message at info level. If S3 or Redis credentials are used, they are leaked to the logs from that server config. Additionally, SignerPrivateKeyHex is always leaked, regardless of whether the cache or fallback is being used.

```
t=2024-10-08T17:28:35+0000 lvl=info msg="Initializing EigenDA proxy server with config: {\n  \"EigenDAConfig\": {\n    \"EdaClientConfig\": {\n      \"RPC\": \"disperser-holesky.eigenda.xyz:443\",\n      \"StatusQueryTimeout\": 1800000000000,\n      \"StatusQueryRetryInterval\": 5000000000,\n      \"ResponseTimeout\": 60000000000,\n      \"CustomQuorumIDs\": [],\n      \"SignerPrivateKeyHex\": \"REDACTED\",\n      \"DisableTLS\": false,\n      \"PutBlobEncodingVersion\": 0,\n      \"DisablePointVerificationMode\": false,\n      \"WaitForFinalization\": false\n    },\n    \"VerifierConfig\": {\n      \"KzgConfig\": {\n        \"G1Path\": \"resources/g1.point\",\n        \"G2Path\": \"\",\n        \"G1PowerOf2Path\": \"\",\n        \"G2PowerOf2Path\": \"resources/g2.point.powerOf2\",\n        \"CacheDir\": \"resources/SRSTables/\",\n        \"NumWorker\": 8,\n        \"SRSOrder\": 268435456,\n        \"SRSNumberToLoad\": 524288,\n        \"Verbose\": false,\n        \"PreloadEncoder\": false\n      },\n      \"VerifyCerts\": false,\n      \"RPCURL\": \"\",\n      \"SvcManagerAddr\": \"\",\n      \"EthConfirmationDepth\": 0\n    },\n    \"MemstoreEnabled\": false,\n    \"MemstoreConfig\": {\n      \"MaxBlobSizeBytes\": 16777216,\n      \"BlobExpiration\": 1500000000000,\n      \"PutLatency\": 0,\n      \"GetLatency\": 0\n    },\n    \"FallbackTargets\": [],\n    \"CacheTargets\": [],\n    \"RedisConfig\": {\n      \"Endpoint\": \"\",\n      \"Password\": \"\",\n      \"DB\": 0,\n      \"Eviction\": 86400000000000,\n      \"Profile\": false\n    },\n    \"S3Config\": {\n      \"CredentialType\": \"static\",\n      \"Endpoint\": \"storage.googleapis.com\",\n      \"EnableTLS\": false,\n      \"AccessKeyID\": \"REDACTED\",\n      \"AccessKeySecret\": \"REDACTED\",\n      \"Bucket\": \"REDACTED\",\n      \"Path\": \"\",\n      \"Backup\": false,\n      \"Timeout\": 5000000000,\n      \"Profiling\": false\n    }\n  },\n  \"MetricsCfg\": {\n    \"Enabled\": true,\n    \"ListenAddr\": \"0.0.0.0\",\n    \"ListenPort\": 7300\n  }\n}" role=eigenda_proxy
```
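The startup message above serialises the whole config struct, so every secret-bearing string field goes to the log verbatim. An added example (not eigenda-proxy code) of the usual Go defence: a dedicated Secret type whose String and MarshalJSON methods always emit a placeholder, applied to trimmed-down mirrors of the config sections visible in the log; the struct and field names are assumptions for the example, and Reveal is the single deliberate path to the real value.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Secret is a string type whose fmt and JSON renderings never reveal the value.
// Hypothetical type written for this example; not from the eigenda-proxy code base.
type Secret string

const redacted = "REDACTED"

func (s Secret) String() string               { return redacted }
func (s Secret) MarshalJSON() ([]byte, error) { return json.Marshal(redacted) }

// Reveal hands the real value to the one place that needs it (the client constructor).
func (s Secret) Reveal() string { return string(s) }

// Trimmed-down mirrors of the config sections shown in the issue's log line (assumed shapes).
type EdaClientConfig struct {
	RPC                 string
	SignerPrivateKeyHex Secret
}
type RedisConfig struct {
	Endpoint string
	Password Secret
}
type S3Config struct {
	Endpoint        string
	AccessKeyID     Secret
	AccessKeySecret Secret
	Bucket          string
}
type ProxyConfig struct {
	EdaClientConfig EdaClientConfig
	RedisConfig     RedisConfig
	S3Config        S3Config
}

// StartupLogLine renders the config the way the startup message does: indented JSON
// inside a quoted msg= field. Secret fields come out as "REDACTED" via MarshalJSON.
func StartupLogLine(cfg ProxyConfig) (string, error) {
	b, err := json.MarshalIndent(cfg, "", "  ")
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("lvl=info msg=%q", "Initializing EigenDA proxy server with config: "+string(b)), nil
}
```

Because fmt also honours String(), a stray `%+v` of the whole config prints the placeholder too, so the protection does not depend on every log call site remembering to redact.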
@Inkvi Inkvi changed the title Cache credentials are exposed in the logs Cache credentials and the private key are exposed in the logs Oct 8, 2024
@samlaf (Collaborator) commented Oct 8, 2024

Hey! We just changed this print last night to hide the private key and eth rpc endpoint. See here.

We can hide other things, like the s3 and redis cache. Should be an easy fix. cc @bxue-l2
