Setting log_statement to 'none' isn't enough to avoid secret logging.
If, say, log_min_duration_statement is set to 0, the secret will be logged anyway.
I don't know if there's a simple way to avoid completely secret logging (besides log_min_duration_statement, logging could be handled by an ad hoc extension).
Good point, if you'd like to submit a PR mentioning that issue I'll merge it. We use the pgaudit extension at supabase, so might be worth mentioning it as well and any others you may know of. Thanks!
Hello
Re https://github.com/michelp/pgsodium#avoid-secret-logging
Setting
log_statement
to'none'
isn't enough to avoid secret logging.If, say,
log_min_duration_statement
is set to0
, the secret will be logged anyway.I don't know if there's a simple way to avoid completely secret logging (besides
log_min_duration_statement
, logging could be handled by an ad hoc extension).