From 001732a2a906e93d70a91d01aa21eb68d6226d84 Mon Sep 17 00:00:00 2001 From: Andrzej Stencel Date: Thu, 21 Nov 2024 11:07:14 +0100 Subject: [PATCH 1/3] Make common key redaction case insensitive --- internal/pkg/diagnostics/diagnostics.go | 1 + internal/pkg/diagnostics/diagnostics_test.go | 28 +++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/internal/pkg/diagnostics/diagnostics.go b/internal/pkg/diagnostics/diagnostics.go index ceaa8f0296a..be80811447f 100644 --- a/internal/pkg/diagnostics/diagnostics.go +++ b/internal/pkg/diagnostics/diagnostics.go @@ -393,6 +393,7 @@ func redactKey(k string) bool { return false } + k = strings.ToLower(k) return strings.Contains(k, "certificate") || strings.Contains(k, "passphrase") || strings.Contains(k, "password") || diff --git a/internal/pkg/diagnostics/diagnostics_test.go b/internal/pkg/diagnostics/diagnostics_test.go index ec21e4a525b..706ca550f24 100644 --- a/internal/pkg/diagnostics/diagnostics_test.go +++ b/internal/pkg/diagnostics/diagnostics_test.go @@ -164,7 +164,33 @@ inputs: outputs: default: api_key: - redactOtherKey: secretOutputValue + redactOtherKey: + type: elasticsearch +`, + }, { + name: "uppercase fields are redacted", + input: []byte(`id: test-policy +inputs: + - type: test_input +outputs: + default: + type: elasticsearch + api_key: secretKey + Certificate: secretCert + PassPhrase: secretPassphrase + PASSWORD: secretPassword + tOkEn: secretToken +`), + expect: `id: test-policy +inputs: + - type: test_input +outputs: + default: + Certificate: + PASSWORD: + PassPhrase: + api_key: + tOkEn: type: elasticsearch `, }, { From 330f5b21a4ec8a4e54cde34de14dd475ac486c5c Mon Sep 17 00:00:00 2001 From: Andrzej Stencel Date: Fri, 22 Nov 2024 13:31:22 +0100 Subject: [PATCH 2/3] add changelog entry --- .../1732184289-redact-case-insensitive.yaml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 changelog/fragments/1732184289-redact-case-insensitive.yaml 
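Review bot: The early `return false` guard above the added `k = strings.ToLower(k)` still sees the key in its original case. Its condition is outside the hunk, but if it exempts keys by exact string comparison, a differently-cased spelling of an exempt key would miss the exemption and be redacted by the lowered substring match. That errs toward over-redaction, so nothing leaks, but the asymmetry should be made explicit, either by lowering `k` at the top of redactKey or with a comment such as `// exemptions above are case-sensitive; the substring match below uses the lowercased key`. The function's doc comment should also say that matching is a case-insensitive substring match, because the updated expectation in diagnostics_test.go no longer keeps `secretOutputValue` for `redactOtherKey`. redactKey starts before the hunk and its return expression continues past it.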
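Review bot: The new table entry `uppercase fields are redacted` has no mixed-case key whose value must survive; the only surviving key is the all-lowercase `type`. A mixed-case key that contains none of the sensitive words (a constructed example: `HostName: example`), expected unchanged, would pin that lowering does not widen redaction beyond the intended substrings. If redaction is meant to descend into nested maps, a mixed-case sensitive key one level below `default` would cover that path as well. The test table begins and continues outside this hunk.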
diff --git a/changelog/fragments/1732184289-redact-case-insensitive.yaml b/changelog/fragments/1732184289-redact-case-insensitive.yaml
new file mode 100644
index 00000000000..7941e4db93c
--- /dev/null
+++ b/changelog/fragments/1732184289-redact-case-insensitive.yaml
@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: enhancement
+
+# Change summary; a 80ish characters long description of the change.
+summary: Make redaction of common keys in diagnostics case insensitive
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component: elastic-agent
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+#pr: https://github.com/owner/repo/1234
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+#issue: https://github.com/owner/repo/1234
From 2db894f4aa4fd4bac5532ea3f04fef99f5354b58 Mon Sep 17 00:00:00 2001
From: Andrzej Stencel Date: Fri, 22 Nov 2024 13:31:59 +0100 Subject: [PATCH 3/3] change to bug fix --- changelog/fragments/1732184289-redact-case-insensitive.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/fragments/1732184289-redact-case-insensitive.yaml b/changelog/fragments/1732184289-redact-case-insensitive.yaml index 7941e4db93c..238e0aa7348 100644 --- a/changelog/fragments/1732184289-redact-case-insensitive.yaml +++ b/changelog/fragments/1732184289-redact-case-insensitive.yaml @@ -8,7 +8,7 @@ # - security: impacts on the security of a product or a user’s deployment. # - upgrade: important information for someone upgrading from a prior version # - other: does not fit into any of the other categories -kind: enhancement +kind: bug-fix # Change summary; a 80ish characters long description of the change. summary: Make redaction of common keys in diagnostics case insensitive