security: redact gateway tokens from API responses
Gateway tokens were returned as plaintext in GatewayRead API responses. Replace the `token` field with a boolean `has_token` flag so the API never exposes the plaintext token. The token remains in the database for outbound gateway connections (full encryption would require key management infrastructure).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Committed by Abhimanyu Saharan
parent 94988deef2
commit 547965a5cb
@@ -65,7 +65,7 @@ class GatewayRead(GatewayBase):
|
||||
|
||||
id: UUID
|
||||
organization_id: UUID
|
||||
token: str | None = None
|
||||
has_token: bool = False
|
||||
created_at: datetime
|
||||
updated_at: datetime
|
||||
|
||||
|
||||
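Review bot: `has_token: bool = False` in `GatewayRead` carries a default, so if the code that builds the response never sets it, every gateway will silently report `has_token: false` even when a token is stored. This hunk does not show where the flag is populated. Consider dropping the default so a missing value fails validation, or deriving the flag from the stored token in one place, and add a test that serializes a gateway with a token and asserts both that `has_token` is true and that no `token` key appears in the output. Since `GatewayRead` inherits from `GatewayBase`, it is also worth confirming that the base class does not declare `token`, otherwise the field would still be serialized. Removing `token` from the response is a breaking change for any client that read it, so it should be called out in the API changelog.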