openedx / edx-django-utils

edX utilities for Django Application development.
https://edx.readthedocs.io/projects/edx-django-utils/en/latest/
Apache License 2.0
26 stars 20 forks source link

feat: Add utility for logging sensitive information using encryption #209

Closed timmc-edx closed 2 years ago

timmc-edx commented 2 years ago

Description:

This is copied from edx-platform, and was introduced there in https://github.com/openedx/edx-platform/pull/29682. Bringing it out into this library will allow it to be used across IDAs, and in particular in the cookie monitoring middleware.

Introduces log_sensitive module for public-key encryption of sensitive debug information in log messages, including CLI commands for generating keys and decrypting log output. Exposes log_sensitive in logging module.

Changes from original:

Also:

ref: ARCHBOM-2082

JIRA:

ARCHBOM-2082

Merge checklist:

Post merge:

timmc-edx commented 2 years ago

Note for reviewers: Probably best reviewed commit-by-commit:

timmc-edx commented 2 years ago

Ah right, I remember now that I had a question about that: If I just move this into internal and expose encrypt_for_log, then the CLI commands will have to call edx_django_utils.logging.internal.log_sensitive or something. But the CLI isn't internal... Thoughts on that?

timmc-edx commented 2 years ago

Hmm, maybe I can make it a command/entry-point/whatever it's called, in setup.py.