grafana / synthetic-monitoring-agent

Synthetic Monitoring Agent

Home Page: https://grafana.com/docs/grafana-cloud/how-do-i/synthetic-monitoring/

Security issue - check basic auth credentials written in plain text in log files

MaxDiOrio opened this issue

I created a check in an on-prem agent. That check uses basic auth in the configuration.

In the log files of the synthetic-monitoring agent pod, the username and password are written out in plain text rather than being redacted.

Plain text passwords should never be written out, even in debug mode.

{"level":"debug","program":"synthetic-monitoring-agent","subsystem":"updater","check change":{"check":{"id":1565289,"tenantId":00000,"frequency":120000,"offset":0,"timeout":10000,"enabled":true,"labels":null,"settings":{"http":{"ipVersion":"V4","method":"GET","noFollowRedirects":false,"tlsConfig":{"insecureSkipVerify":true},"basicAuth":{"username":"grafana","password":"randompassowrdinplaintext"},"failIfSSL":false,"failIfNotSSL":false,"validStatusCodes":[200],"failIfBodyNotMatchesRegexp":[".*Showing.*"]}},"probes":[7193],"target":"https://intranet.domain.blah/alerts","job":"Intranet - Alerts","basicMetricsOnly":true,"alertSensitivity":"none","created":1692822282.9243417,"modified":1694447326.0806525}},"time":1694447528688,"caller":"github.com/grafana/synthetic-monitoring-agent/internal/checks/checks.go:669","message":"got check change"}