When the broker starts up it parses the templates, and possibly apikeys or other sensitive information can show up in the logs.
By default, we should prevent this behavior.
For this issue, please address and also investigate how we could support a way to override this suppression of sensitive data. Since we have advanced features around multi-apikeys and templates, I think that during testing and learning users may need to view this info in the logs for debugging - so it would be good to have a way to not prevent that.
Possibly just masking api-keys, e.g. "XXXX-XXX-XXXXX-si0914j" or something like a credit card with only the last "4 digits".
Here is an example log entry with this issue:
{"level":"info","ts":1594294123.2600162,"caller":"broker/services.go:233","msg":"context to execute template","ctx":{"project":{},"cluster":{},"Credentials":{"projects":null,"orgs":{"5ea0477597999053a5f9cbec":{"id":"mykey","desc":"testOrg","roles":[{"orgId":"5ea0477597999053a5f9cbec"}],"privateKey":"d7cf7772-fe56-4033-9a8d-1825432d51ef","publicKey":"CTWZPIFJ"}},"broker":{"username":"adminx","password":"adminx","db":"mongodb+srv://tester:MongoDB2020@statestorage-mytsp.mongodb.net/admin?retryWrites=true&w=majority"}}}}