From bc2010a762ad58510787bde9a4262de2125836df Mon Sep 17 00:00:00 2001
From: berbant <33601955+berbant@users.noreply.github.com>
Date: Thu, 22 Feb 2024 23:55:57 +0400
Subject: [PATCH] Update secrets.js

---
 src/endpoints/secrets.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/endpoints/secrets.js b/src/endpoints/secrets.js
index 3014f3e69..4bf8687b4 100644
--- a/src/endpoints/secrets.js
+++ b/src/endpoints/secrets.js
@@ -213,12 +213,13 @@ router.post('/view', jsonParser, async (_, response) => {
 router.post('/find', jsonParser, (request, response) => {
     const allowKeysExposure = getConfigValue('allowKeysExposure', false);
 
-    if (!allowKeysExposure) {
+    const key = request.body.key;
+    
+    if (!allowKeysExposure && key.slice(key.length-4) !== '_url' ) {
         console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
         return response.sendStatus(403);
     }
 
-    const key = request.body.key;
 
     try {
         const secret = readSecret(key);