User Story
As a developer, I want to ensure that no PII is logged to Datadog, Sentry, or AWS logs, so that sensitive user information is protected and we maintain compliance with privacy policies.
Issue Description
Currently, we rely on manual reviews to catch instances of potential PII being logged, but this approach is error-prone and insufficient. There are tools like Brakeman that might be able to flag PII-related logging issues, or libraries like Logstop that can sanitize logs automatically.
This issue is to explore and implement a solution that either flags potential PII logging issues during PR reviews or sanitizes logs at runtime to ensure no PII makes it to external logging systems like Datadog, Sentry, or AWS.
Tasks
[ ] Investigate whether Brakeman can be used to flag PII logging issues during PR reviews.
[ ] Explore using Logstop to automatically sanitize logs at runtime.
[ ] Identify other potential tools or libraries for this purpose.
[ ] Implement the selected solution in vets-api.
[ ] Test to ensure the solution is working as expected.
[ ] If applicable, update documentation to include guidance on preventing PII in logs.
Acceptance Criteria
[ ] A solution is implemented to either flag or sanitize potential PII in logs.
[ ] No PII is logged from vets-api to external systems like Datadog, Sentry, or AWS.
[ ] Documentation is updated to reflect the new logging practices and tools.
Validation
Assignee to add steps to this section. List the actions that need to be taken to confirm this issue is complete. Include any necessary links or context. State the expected outcome.
written by AI
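An added example of the runtime-sanitizing option this issue describes, using only Ruby's standard `Logger`; it is not code from vets-api or from Logstop. The `PiiScrubber` module name, its three regex rules and the sample log lines are assumptions constructed for illustration.

```ruby
require "logger"
require "stringio"

# Hypothetical module; the rules below are illustrative, not Logstop's rule set.
module PiiScrubber
  FILTERED = "[FILTERED]"
  RULES = [
    /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/, # email address
    /\b\d{3}[- ]\d{2}[- ]\d{4}\b/,      # SSN written with separators
    /\b\d{3}[-. ]\d{3}[-. ]\d{4}\b/     # US phone number
  ].freeze

  # Apply every rule in turn and return the redacted copy.
  def self.scrub(text)
    RULES.reduce(text.to_s) { |out, rule| out.gsub(rule, FILTERED) }
  end

  # Wrap the logger's formatter so the fully formatted line (message,
  # progname, exception text) is scrubbed before it reaches the log device.
  def self.guard(logger)
    inner = logger.formatter || Logger::Formatter.new
    logger.formatter = proc do |severity, time, progname, msg|
      scrub(inner.call(severity, time, progname, msg))
    end
    logger
  end
end

# Constructed sample input: three log calls that each carry PII.
def demo_log_output
  sink = StringIO.new
  logger = PiiScrubber.guard(Logger.new(sink))
  logger.info("claim submitted by jane.doe@example.com ssn=123-45-6789")
  logger.warn("callback requested at 555-867-5309 for claim 42")
  logger.error(RuntimeError.new("lookup failed for 987-65-4321"))
  sink.string
end

puts demo_log_output if $PROGRAM_NAME == __FILE__
```

Pattern-based scrubbing only catches PII in a recognizable format; names, free-text fields and an SSN written as nine bare digits pass through, which is why the issue pairs it with review-time flagging.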
Filtering we already have: