Closed amandam11 closed 1 year ago
Hi Amanda!
Yes, the "log" level should be wired to debug level in Winston or Bunyan. I have swapped it to trace level which won't log by default, its in a couple of places. It will come out with the next release.
Thank you.
Describe the bug By default (unless the logger is overwritten) then the SDK logs the full URL it listens to which includes what should be treated as a secret - the API KEY.
For example: FeatureHub/Log: listening at http://featurehub:8085/features/
Which area does this issue belong to?
To Reproduce Steps to reproduce the behavior: 1.Start client
Expected behavior That secret information such as the api key is not logged by default.
Screenshots If applicable, add screenshots to help explain your problem.
Versions
Additional context Workaround is to override the fhLog.log method so that the key is not output, or switch off this log-level.