Mask encryption_key_id

Change-Id: I9e684cd8bab85728ff0117f95a30eb7dbb5bf51c
Closes-Bug: #1814365

2 files changed, 5 insertions, 1 deletions

diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py
index d7b104d..287852b 100644
--- a/oslo_utils/strutils.py
+++ b/oslo_utils/strutils.py
@@ -58,7 +58,8 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")
 _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password',
                   'auth_token', 'new_pass', 'auth_password', 'secret_uuid',
                   'secret', 'sys_pswd', 'token', 'configdrive',
-                  'CHAPPASSWORD', 'encrypted_key', 'private_key']
+                  'CHAPPASSWORD', 'encrypted_key', 'private_key',
+                  'encryption_key_id']
 
 # NOTE(ldbragst): Let's build a list of regex objects using the list of
 # _SANITIZE_KEYS we already have. This way, we only have to add the new key
diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py
index e015b2e..f7efcd9 100644
--- a/oslo_utils/tests/test_strutils.py
+++ b/oslo_utils/tests/test_strutils.py
@@ -459,6 +459,9 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
         payload = """body: {"rescue": {"password": "1234567"}}"""
         expected = """body: {"rescue": {"password": "***"}}"""
         self.assertEqual(expected, strutils.mask_password(payload))
+        payload = """body: {"rescue": {"encryption_key_id": "1234567"}}"""
+        expected = """body: {"rescue": {"encryption_key_id": "***"}}"""
+        self.assertEqual(expected, strutils.mask_password(payload))
 
     def test_xml_message(self):
         payload = """<?xml version="1.0" encoding="UTF-8"?>