featurehub-io / featurehub-javascript-sdk

Official FeatureHub Javascript, Typescript, React, SolidJS, Node SDKs
MIT License

The SDK logs API key secret by default #157

Closed amandam11 closed 1 year ago

amandam11 commented 1 year ago

Describe the bug

By default (unless the logger is overwritten), the SDK logs the full URL it listens to, which includes what should be treated as a secret - the API key.

For example: FeatureHub/Log: listening at http://featurehub:8085/features/


To Reproduce

Steps to reproduce the behavior:

  1. Start client
  2. See secret in the logs

Expected behavior

That secret information such as the API key is not logged by default.



Additional context

Workaround is to override the fhLog.log method so that the key is not output, or switch off this log-level.
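The workaround described in the comment above, sketched as an added example that is not part of the original issue or the SDK's own code: a wrapper that redacts the key from every argument before the log function writes it. Assumptions: the key is whatever follows `/features/` in the URL path or the value of an `apiKey` query parameter, `fakeFhLog` is a hypothetical stand-in for the SDK's `fhLog` object, and the sample URL is constructed.

```javascript
// Added example, not SDK code. Assumptions: the API key is whatever follows
// "/features/" in the URL path, or the value of an "apiKey" query parameter.
const KEY_IN_PATH = /(\/features\/)[^\s?#"']+/g;
const KEY_IN_QUERY = /([?&]apiKey=)[^\s&#"']+/gi;
const MASK = '[REDACTED]';

function redactString(text) {
  return text.replace(KEY_IN_PATH, `$1${MASK}`).replace(KEY_IN_QUERY, `$1${MASK}`);
}

// Redact strings, URL objects, Error messages and nested plain objects/arrays.
function redactValue(value, seen = new WeakSet()) {
  if (typeof value === 'string') return redactString(value);
  if (value instanceof URL) return redactString(value.href);
  if (value instanceof Error) return `${value.name}: ${redactString(value.message)}`;
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Circular]'; // already visited: stop recursion
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redactValue(v, seen));
  return Object.fromEntries(
    Object.entries(value).map(([k, v]) => [k, redactValue(v, seen)])
  );
}

// Wrap any log function so every argument is redacted before it is written.
function withRedaction(logFn) {
  return (...args) => logFn(...args.map((arg) => redactValue(arg)));
}

// Hypothetical stand-in for the SDK's fhLog object so this runs offline.
// In an application the same wrap would be applied to the real fhLog.log.
const fakeFhLog = { log: (...args) => console.log('FeatureHub/Log:', ...args) };
fakeFhLog.log = withRedaction(fakeFhLog.log);

// Constructed sample input; the key segment is a placeholder, not a real key.
fakeFhLog.log('listening at http://featurehub:8085/features/CONSTRUCTED-KEY');
```

Redacting inside the wrapper keeps the key out of the output whichever log level the message is later routed to, so it still holds if a downstream logger is configured more verbosely.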

rvowles commented 1 year ago

Hi Amanda!

Yes, the "log" level should be wired to debug level in Winston or Bunyan. I have swapped it to trace level which won't log by default; it's in a couple of places. It will come out with the next release.

amandam11 commented 1 year ago

Thank you.