From 42c21da8b6ba376be3f4e0efddf12f608de6513c Mon Sep 17 00:00:00 2001
From: Jens L <jens@goauthentik.io>
Date: Fri, 18 Aug 2023 00:33:26 +0100
Subject: [PATCH] blueprints: fix blueprint importer logging potentially
 sensitive data (#6567)

---
 authentik/blueprints/v1/importer.py | 5 ++++-
 blueprints/system/bootstrap.yaml    | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py
index e9b29938e..17a2f4eba 100644
--- a/authentik/blueprints/v1/importer.py
+++ b/authentik/blueprints/v1/importer.py
@@ -35,6 +35,7 @@ from authentik.core.models import (
     Source,
     UserSourceConnection,
 )
+from authentik.events.utils import cleanse_dict
 from authentik.flows.models import FlowToken, Stage
 from authentik.lib.models import SerializerModel
 from authentik.outposts.models import OutpostServiceConnection
@@ -209,7 +210,9 @@ class Importer:
             serializer_kwargs["partial"] = True
         else:
             self.logger.debug(
-                "initialised new serializer instance", model=model, **updated_identifiers
+                "initialised new serializer instance",
+                model=model,
+                **cleanse_dict(updated_identifiers),
             )
             model_instance = model()
             # pk needs to be set on the model instance otherwise a new one will be generated
diff --git a/blueprints/system/bootstrap.yaml b/blueprints/system/bootstrap.yaml
index 049caea45..5bda8b3ff 100644
--- a/blueprints/system/bootstrap.yaml
+++ b/blueprints/system/bootstrap.yaml
@@ -39,8 +39,9 @@ entries:
       identifier: authentik-bootstrap-token
       intent: api
       expiring: false
-      key: !Context token
       user: !KeyOf admin-user
+    attrs:
+      key: !Context token
   - model: authentik_blueprints.blueprintinstance
     identifiers:
       metadata: