Database Connections Show Redacted Configuration Object Values When Edited in Cribl Stream 4.18.0 and Above

Symptom

When a user edits an existing Database Connection from Worker Group > Processing > Knowledge > Database Connections, the UI shows redacted dots instead of the existing connection details stored in the configuration object.

The user may interpret this as the Database Connection no longer being editable, or as though the saved configuration has been lost.

Environment

• Product: Cribl Stream
• Version: 4.18.0 and above
• Area: Database Connections
• Authentication method: Config

Resolution

In Cribl Stream 4.18.0, the UI no longer returns certain sensitive Database Connection details in plain text.

A user can still edit the connection, but the UI does not reveal the currently saved config object contents.

To update the connection:

1. Open the existing Database Connection in the UI.
2. Prepare the full updated configuration object outside the UI, since the existing value is not displayed in plain text.
3. Paste the complete updated value into the appropriate text box and save the connection.

If the current config object value must be reviewed first, use CLI access to the worker filesystem:

1. Open $CRIBL_HOME/local/cribl/database-connections.yml on the worker.
2. Locate the connection entry and copy the encrypted configObj value.
3. Decrypt the value with the built-in Cribl utility using the worker’s cribl.secret file:
   $CRIBL_HOME/bin/cribl decrypt -v '<encrypted-configObj>' -s $CRIBL_HOME/local/cribl/auth/cribl.secret
4. Review the decrypted output, make the required changes, and use the updated value when editing the Database Connection.

Cause

In Cribl Stream 4.18.0, security-driven changes were introduced that prevent certain API endpoints, including /lib/database-connections, from returning sensitive information in plain text. Because the Database Connection configuration object is treated as sensitive information, the UI shows a redacted value instead of the existing plain-text contents.

Last Validated

4.18.0

Additional Information

This behavior affects how existing Database Connection details are displayed in the UI, but it does not prevent editing when the full updated configuration is supplied manually.