Closed mrfelton closed 2 months ago
I added a fix for this in the lastest version of #131 https://github.com/lndk-org/lndk/pull/131/commits/3fa88caa6232445bd03eae0590f67fbfd53b4526
But we can keep this issue open until that's merged
I've added a comment to #131 regarding protecting and securely wiping secrets from memory. I think we can open a separate issue to track introducing something like the secrecy
crate to help with that.
Unfortunately in the case for this issue it was grpc request metadata. Some values can be marked as sensitive with set_sensitive(true)
which can be checked with is_sensitive()
, unfortunately that doesn't change anything about Display
/Debug
implementations obviously and there is no other type like SensitiveAsciiMetadataValue
that would do something similar to secrecy
and implement redaction. :(
This should be fixed now that #131 is merged, but we plan to add #143 in a follow up!
Describe the bug
Macaroon is currently being logged in calls to the gRPC server
Macaroon should never be logged
Macaroon is logged for every grpc call
To Reproduce Make a grpc call and view the logs
Additional context I have log level at TRACE