gogatekeeper / gatekeeper

An OpenID / Proxy service
https://gogatekeeper.github.io/gatekeeper/
Apache License 2.0
266 stars 48 forks

Hide sensitive information in logs #475

Closed (nonvoy closed 2 months ago)

nonvoy commented 3 months ago

Hide sensitive information in GoGatekeeper logs

Summary

Hide sensitive information such as email, IP address, or any PII information in logs.

Why?

In order to make logs GDPR compliant.

Acceptance criteria

No PII information should be exposed in logs.

p53 commented 3 months ago

Thank you for opening the issue! I will look at what can be done here in some structured way.

p53 commented 3 months ago

Hi, I removed emails and client IP from Info/Error messages and replaced them with the user sub (ID). In verbose mode, email and IP are logged (because they are useful for debugging). You can try the 2.13.0-rc2 docker image.
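
The behaviour described in the comment above, sketched as an added example that is not part of the thread and not gatekeeper's own code: PII attributes are dropped in the log handler unless verbose mode is on, so only the user sub appears at Info/Error. It uses Go's standard `log/slog` rather than the project's logger, and the attribute names (`email`, `client_ip`), the `verbose` switch and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"log/slog"
)

// piiKeys lists attribute names treated as personal data in this sketch
// (assumed names, not gatekeeper's actual log fields).
var piiKeys = map[string]bool{"email": true, "client_ip": true}

// newLogger builds a JSON logger that discards PII attributes unless verbose
// is set. Filtering in the handler means call sites cannot forget to redact.
func newLogger(buf *bytes.Buffer, verbose bool) *slog.Logger {
	level := slog.LevelInfo
	if verbose {
		level = slog.LevelDebug
	}
	opts := &slog.HandlerOptions{
		Level: level,
		ReplaceAttr: func(_ []string, a slog.Attr) slog.Attr {
			if a.Key == slog.TimeKey {
				return slog.Attr{} // drop timestamp to keep sample output stable
			}
			if !verbose && piiKeys[a.Key] {
				return slog.Attr{} // a zero Attr is omitted from the record
			}
			return a
		},
	}
	return slog.New(slog.NewJSONHandler(buf, opts))
}

// logAccess emits one constructed access event and returns the rendered line.
func logAccess(verbose bool) string {
	var buf bytes.Buffer
	logger := newLogger(&buf, verbose)
	logger.Info("access permitted",
		"sub", "constructed-sub-1234", // stable user ID instead of email
		"email", "alice@example.com", // constructed sample value
		"client_ip", "203.0.113.7") // constructed sample value
	return buf.String()
}

func main() {
	fmt.Print(logAccess(false)) // default mode: sub only
	fmt.Print(logAccess(true))  // verbose mode: email and IP kept
}
```

Filtering by key only covers structured attributes; an email or IP interpolated into the message string itself passes through unchanged.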

nonvoy commented 3 months ago

Awesome, thanks a lot man!

nonvoy commented 3 months ago

We tested it and it is working fine. Thank you very much for quickly implementing this feature!