SharedAccessKey in Logs

[danielHalan]

There is a log entry when sending a message that contains the whole endpoint path, which in ASB also contains the SharedAccessKey, guess this is performed in Core (where other transporters just have the server name) but would be good if could be overridden in ASB to remove the 'SharedAccessKey' value

DEBUG Sending message Itq.Commands.xxxxx with ID 02e2c505-d601-4180-b0c2-a41f014f634e to destination Itqxxxx@Endpoint=sb://xxxxx.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=yyyyyyyyyy.

[yvesgoeleven]

Yeah this is indeed a potential security issue that we are aware off, see https://github.com/Particular/NServiceBus.Azure/issues/117, it is caused by the fact that the old msmq machine concept is used to represent the namespace concept in servicebus, yet the core is obviously not aware of it. We are changing the core to allow setup of client side routing rules, which maps logical addresses to physical addresses, and this will resolve this issue (among others). As a workaround though you could create a wrapper for the logging infrastructure which replaces or removes the secret information.

[particularbot]

moved to https://github.com/Particular/NServiceBus.AzureServiceBus/issues/17