From 2420c246ca5766587650da0851afc01451b001a4 Mon Sep 17 00:00:00 2001
From: Sam Xiao <sam.xiao@elastic.co>
Date: Wed, 4 Mar 2026 19:44:17 -0500
Subject: [PATCH 1/5] Remote sensitive info from reindex task description

---
 .../management/GetReindexResponse.java        |  2 +-
 .../management/GetReindexResponseTests.java   | 27 +++++++++++++++++++
 .../reindex/remote/RemoteInfoTests.java       | 19 ++++---------
 .../index/reindex/RemoteInfo.java             |  7 -----
 4 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
index e986b7b5f1177..9eb5383886021 100644
--- a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
+++ b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
@@ -38,7 +38,7 @@ public class GetReindexResponse extends ActionResponse implements ToXContentObje
      * group(3) = destination index
      */
     private static final Pattern DESCRIPTION_PATTERN = Pattern.compile(
-        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?) .+\\])?\\[([^\\]]*)].*to \\[([^\\]]*)]$"
+        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?\\[([^\\]]*)].*to \\[([^\\]]*)]$"
     );
 
     public GetReindexResponse(TaskResult task) {
diff --git a/modules/reindex-management/src/test/java/org/elasticsearch/reindex/management/GetReindexResponseTests.java b/modules/reindex-management/src/test/java/org/elasticsearch/reindex/management/GetReindexResponseTests.java
index 12843e1b98814..b82cc72c3e3eb 100644
--- a/modules/reindex-management/src/test/java/org/elasticsearch/reindex/management/GetReindexResponseTests.java
+++ b/modules/reindex-management/src/test/java/org/elasticsearch/reindex/management/GetReindexResponseTests.java
@@ -209,4 +209,31 @@ public void testSanitizeDescriptionRemoteWithScript() {
             equalTo(Optional.of("reindex from [host=example.com port=9200][source] to [dest]"))
         );
     }
+
+    public void testSanitizeDescriptionWithOnlyHostPort() {
+        assertThat(
+            sanitizeDescription("reindex from [host=example.com port=9200][source] to [dest]"),
+            equalTo(Optional.of("reindex from [host=example.com port=9200][source] to [dest]"))
+        );
+    }
+
+    public void testSanitizeDescriptionWithSchemeHostPortPathPrefix() {
+        assertThat(
+            sanitizeDescription("reindex from [scheme=https host=example.com port=9200 pathPrefix=/es][source] to [dest]"),
+            equalTo(Optional.of("reindex from [scheme=https host=example.com port=9200 pathPrefix=/es][source] to [dest]"))
+        );
+    }
+
+    public void testSanitizeDescriptionWithHostPortScript() {
+        assertThat(
+            sanitizeDescription(
+                "reindex from [host=example.com port=9200][source]"
+                    + " updated with Script{type=inline, lang='painless',"
+                    + " idOrCode='ctx._source.tag = 'host=localhost port=9200 username=admin password=secret'',"
+                    + " options={}, params={}}"
+                    + " to [dest]"
+            ),
+            equalTo(Optional.of("reindex from [host=example.com port=9200][source] to [dest]"))
+        );
+    }
 }
diff --git a/modules/reindex/src/test/java/org/elasticsearch/reindex/remote/RemoteInfoTests.java b/modules/reindex/src/test/java/org/elasticsearch/reindex/remote/RemoteInfoTests.java
index 1ea8b6a1a5c3c..3959de9a66629 100644
--- a/modules/reindex/src/test/java/org/elasticsearch/reindex/remote/RemoteInfoTests.java
+++ b/modules/reindex/src/test/java/org/elasticsearch/reindex/remote/RemoteInfoTests.java
@@ -33,21 +33,12 @@ private RemoteInfo newRemoteInfo(String scheme, String prefixPath, String userna
     }
 
     public void testToString() {
-        assertEquals("host=testhost port=12344 query={ \"foo\" : \"bar\" }", newRemoteInfo("http", null, null, null).toString());
+        assertEquals("host=testhost port=12344", newRemoteInfo("http", null, null, null).toString());
+        assertEquals("host=testhost port=12344", newRemoteInfo("http", null, "testuser", null).toString());
+        assertEquals("host=testhost port=12344", newRemoteInfo("http", null, "testuser", "testpass").toString());
+        assertEquals("scheme=https host=testhost port=12344", newRemoteInfo("https", null, "testuser", "testpass").toString());
         assertEquals(
-            "host=testhost port=12344 query={ \"foo\" : \"bar\" } username=testuser",
-            newRemoteInfo("http", null, "testuser", null).toString()
-        );
-        assertEquals(
-            "host=testhost port=12344 query={ \"foo\" : \"bar\" } username=testuser password=<<>>",
-            newRemoteInfo("http", null, "testuser", "testpass").toString()
-        );
-        assertEquals(
-            "scheme=https host=testhost port=12344 query={ \"foo\" : \"bar\" } username=testuser password=<<>>",
-            newRemoteInfo("https", null, "testuser", "testpass").toString()
-        );
-        assertEquals(
-            "scheme=https host=testhost port=12344 pathPrefix=prxy query={ \"foo\" : \"bar\" } username=testuser password=<<>>",
+            "scheme=https host=testhost port=12344 pathPrefix=prxy",
             newRemoteInfo("https", "prxy", "testuser", "testpass").toString()
         );
     }
diff --git a/server/src/main/java/org/elasticsearch/index/reindex/RemoteInfo.java b/server/src/main/java/org/elasticsearch/index/reindex/RemoteInfo.java
index 1c1a5cc8c1046..352bbc996fa7e 100644
--- a/server/src/main/java/org/elasticsearch/index/reindex/RemoteInfo.java
+++ b/server/src/main/java/org/elasticsearch/index/reindex/RemoteInfo.java
@@ -196,13 +196,6 @@ public String toString() {
         if (pathPrefix != null) {
             b.append(" pathPrefix=").append(pathPrefix);
         }
-        b.append(" query=").append(query.utf8ToString());
-        if (username != null) {
-            b.append(" username=").append(username);
-        }
-        if (password != null) {
-            b.append(" password=<<>>");
-        }
         return b.toString();
     }
 

From f1ddb66e234e3846ec029501f7dae007960cf04b Mon Sep 17 00:00:00 2001
From: Sam Xiao <sam.xiao@elastic.co>
Date: Wed, 4 Mar 2026 20:32:17 -0500
Subject: [PATCH 2/5] minor

---
 .../elasticsearch/reindex/management/GetReindexResponse.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
index 9eb5383886021..9e3f98ac5a456 100644
--- a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
+++ b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
@@ -38,7 +38,8 @@ public class GetReindexResponse extends ActionResponse implements ToXContentObje
      * group(3) = destination index
      */
     private static final Pattern DESCRIPTION_PATTERN = Pattern.compile(
-        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?\\[([^\\]]*)].*to \\[([^\\]]*)]$"
+        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?\\[([^\\]]*)].*" +
+            "to \\[([^\\]]*)]$"
     );
 
     public GetReindexResponse(TaskResult task) {

From 63caa58403419a63151fc5922e24f9db15c6cf17 Mon Sep 17 00:00:00 2001
From: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Date: Thu, 5 Mar 2026 01:39:33 +0000
Subject: [PATCH 3/5] [CI] Auto commit changes from spotless

---
 .../elasticsearch/reindex/management/GetReindexResponse.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
index 9e3f98ac5a456..91d672520f985 100644
--- a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
+++ b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
@@ -38,8 +38,8 @@ public class GetReindexResponse extends ActionResponse implements ToXContentObje
      * group(3) = destination index
      */
     private static final Pattern DESCRIPTION_PATTERN = Pattern.compile(
-        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?\\[([^\\]]*)].*" +
-            "to \\[([^\\]]*)]$"
+        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?\\[([^\\]]*)].*"
+            + "to \\[([^\\]]*)]$"
     );
 
     public GetReindexResponse(TaskResult task) {

From ff08abb930c57f0eabc2846ecdc14e7cd5bf6903 Mon Sep 17 00:00:00 2001
From: Sam Xiao <sam.xiao@elastic.co>
Date: Tue, 10 Mar 2026 11:32:01 -0400
Subject: [PATCH 4/5] comment

---
 .../reindex/management/GetReindexResponse.java        | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
index 91d672520f985..ee645f37e2edf 100644
--- a/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
+++ b/modules/reindex-management/src/main/java/org/elasticsearch/reindex/management/GetReindexResponse.java
@@ -37,10 +37,13 @@ public class GetReindexResponse extends ActionResponse implements ToXContentObje
      * group(2) = source indices
      * group(3) = destination index
      */
-    private static final Pattern DESCRIPTION_PATTERN = Pattern.compile(
-        "(?s)^reindex from (?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?\\[([^\\]]*)].*"
-            + "to \\[([^\\]]*)]$"
-    );
+    private static final Pattern DESCRIPTION_PATTERN = Pattern.compile("(?s)^reindex from " +
+    // group(1): optional remote info
+        "(?:\\[((?:scheme=\\S+ )?host=\\S+ port=\\d+(?:\\s+pathPrefix=\\S+)?)(?: .+)?\\])?" +
+        // group(2): source indices
+        "\\[([^\\]]*)].*" +
+        // group(3): destination index
+        "to \\[([^\\]]*)]$");
 
     public GetReindexResponse(TaskResult task) {
         this.task = requireNonNull(task, "task is required");

From 597a6b0ea8d052a273cfea86c8052654e2f14b6b Mon Sep 17 00:00:00 2001
From: Sam Xiao <sam.xiao@elastic.co>
Date: Tue, 10 Mar 2026 11:42:38 -0400
Subject: [PATCH 5/5] add IT

---
 .../reindex/management/ReindexRemoteIT.java   | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/modules/reindex-management/src/javaRestTest/java/org/elasticsearch/reindex/management/ReindexRemoteIT.java b/modules/reindex-management/src/javaRestTest/java/org/elasticsearch/reindex/management/ReindexRemoteIT.java
index 6059a2725a7ef..12ecb113db6f1 100644
--- a/modules/reindex-management/src/javaRestTest/java/org/elasticsearch/reindex/management/ReindexRemoteIT.java
+++ b/modules/reindex-management/src/javaRestTest/java/org/elasticsearch/reindex/management/ReindexRemoteIT.java
@@ -99,4 +99,55 @@ public void testGetReindexDescriptionStripsRemoteInfoSensitiveFields() throws Ex
             + "][remote_src] to [dest]";
         assertThat(body.get("description"), equalTo(expectedDescription));
     }
+
+    public void testTaskDescriptionExcludesSensitiveFields() throws Exception {
+        Request indexRequest = new Request("POST", "/task_api_src/_doc");
+        indexRequest.addParameter("refresh", "true");
+        indexRequest.setJsonEntity("{\"field\": \"value\"}");
+        client().performRequest(indexRequest);
+
+        String remoteHost = getRemoteHost();
+
+        Request reindexRequest = new Request("POST", "/_reindex");
+        reindexRequest.addParameter("wait_for_completion", "false");
+        reindexRequest.setJsonEntity(String.format(java.util.Locale.ROOT, """
+            {
+              "source": {
+                "remote": {
+                  "host": "%s",
+                  "username": "testuser",
+                  "password": "testpass"
+                },
+                "index": "remote_src",
+                "query": {
+                  "match_all": {}
+                }
+              },
+              "dest": {
+                "index": "dest"
+              }
+            }""", remoteHost));
+
+        Response reindexResponse = client().performRequest(reindexRequest);
+        String taskId = (String) entityAsMap(reindexResponse).get("task");
+        assertNotNull("reindex did not return a task id", taskId);
+
+        Request getTaskRequest = new Request("GET", "/_tasks/" + taskId);
+        getTaskRequest.addParameter("wait_for_completion", "true");
+        getTaskRequest.addParameter("timeout", "30s");
+        Response taskResponse = client().performRequest(getTaskRequest);
+        Map<String, Object> body = entityAsMap(taskResponse);
+
+        @SuppressWarnings("unchecked")
+        Map<String, Object> task = (Map<String, Object>) body.get("task");
+        String description = (String) task.get("description");
+
+        URI remoteUri = URI.create(remoteHost);
+        String expectedDescription = "reindex from [host="
+            + remoteUri.getHost()
+            + " port="
+            + remoteUri.getPort()
+            + "][remote_src] to [dest]";
+        assertThat(description, equalTo(expectedDescription));
+    }
 }