`PaymentIntent.client_secret` field is inspectable and shows up in logs

[marcofiset]

Title, pretty much.

Per the Stripe documentation, that field should not ever be logged:

The client secret can be used to complete a payment from your frontend. It should not be stored, logged, or exposed to anyone other than the customer.

Link to relevant documentation

[snewcomer]

@marcofiset Just to make sure, is your thought this package is logging it?

[marcofiset]

I'm not saying that this package is logging anything, no.

However, we do log many things in our systems, Stripe objects included.

I know I could define a custom Inspect implementation for PaymentIntent, but it would help everyone if this package did it itself.

[github-actions[bot]]

This issue has been automatically marked as "stale:discard". If this issue still relevant, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment.

[github-actions[bot]]

Closing this issue after a prolonged period of inactivity. If this issue is still relevant, feel free to re-open the issue. Thank you!