Closed
Labels: bug, triage
Description
🐞 Bug Summary
The APIs used to retrieve gateway information in both the admin and main interfaces fail to mask authentication values. As a result, all authentication tokens, credentials, and sensitive information for each gateway are exposed in the responses, which can lead to sensitive data being exposed unintentionally.
APIs include GET methods for:
1. /admin/gateways
2. /admin/gateways/{gateway_id}
3. /gateways
4. /gateways/{gateway_id}
🧩 Affected Component
Select the area of the project impacted:
- `mcpgateway` - API
- `mcpgateway` - UI (admin panel)
- `mcpgateway.wrapper` - stdio wrapper
- Federation or Transports
- CLI, Makefiles, or shell scripts
- Container setup (Docker/Podman/Compose)
- Other (explain below)
🔁 Steps to Reproduce
- Launch the mcpgateway service.
- Open your browser and go to http://localhost:4444/admin/gateways (or any of the other URLs mentioned above), or send a GET request to the same URL.
- The authentication credentials for all gateways will be exposed.
🤔 Expected Behavior
The auth values should be masked as needed.
For example, if the authType is bearer, authValue and authToken should be masked.
```
"authType": "bearer",
"authValue": "*****",
"authUsername": null,
"authPassword": null,
"authToken": "*****",
"authHeaderKey": null,
"authHeaderValue": null,
```
Similarly for all the other authTypes too.
📓 Logs / Error Output
Paste any relevant stack traces or logs here.
🧠 Environment Info
You can retrieve most of this from the `/version` endpoint.
Key | Value |
---|---|
Version or commit | e.g. v0.9.0 or main@a1b2c3d |
Runtime | e.g. Python 3.11, Gunicorn |
Platform / OS | e.g. Ubuntu 22.04, macOS |
Container | e.g. Docker, Podman, none |
🧩 Additional Context (optional)
Add any configuration details, flags, or related issues.
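The masking described under Expected Behavior, as an added sketch that is not part of the original issue and not the project's own code: it masks secret fields in a gateway record or list before serialization and includes a regression check that reports any field still carrying a raw value. The choice of which fields count as secrets, the `id` field, the `basic` authType and all sample values are assumptions constructed for illustration.

```python
import copy

MASK = "*****"  # placeholder used in the issue's expected output

# Assumption: these are the secret-bearing fields; authUsername and
# authHeaderKey are treated as non-secret identifiers.
SECRET_FIELDS = ("authValue", "authPassword", "authToken", "authHeaderValue")


def mask_gateway(gateway: dict) -> dict:
    """Return a copy of one gateway record with non-empty secrets replaced by MASK."""
    masked = copy.deepcopy(gateway)
    for field in SECRET_FIELDS:
        # Keep null/empty as-is so clients can still tell "unset" from "set".
        if masked.get(field):
            masked[field] = MASK
    return masked


def mask_response(payload):
    """Mask a list response (/gateways) or a single record (/gateways/{gateway_id})."""
    if isinstance(payload, list):
        return [mask_gateway(g) for g in payload]
    return mask_gateway(payload)


def find_unmasked(payload) -> list:
    """Regression check: list (index, field) pairs that still carry a raw secret."""
    records = payload if isinstance(payload, list) else [payload]
    return [
        (i, f)
        for i, rec in enumerate(records)
        for f in SECRET_FIELDS
        if rec.get(f) not in (None, "", MASK)
    ]


# Constructed sample records, not real gateway data.
SAMPLE = [
    {"id": "gw-1", "authType": "bearer", "authValue": "constructed-encoded-value",
     "authUsername": None, "authPassword": None, "authToken": "constructed-token",
     "authHeaderKey": None, "authHeaderValue": None},
    {"id": "gw-2", "authType": "basic", "authValue": "constructed-encoded-value",
     "authUsername": "svc-user", "authPassword": "constructed-password",
     "authToken": None, "authHeaderKey": None, "authHeaderValue": None},
]

if __name__ == "__main__":
    print(find_unmasked(SAMPLE))                 # raw secrets present
    print(find_unmasked(mask_response(SAMPLE)))  # none left
```

Masking every non-empty secret field regardless of `authType` means a record with a wrong or missing `authType` still cannot leak a value, and `find_unmasked` can run in a test against the JSON returned by each of the four GET endpoints listed above.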