When using MongoDB URI to authenticate, both the crawler and explorer-api exposes the full URI in the logs without masking the username and password. This can lead to security issues if the logs gets stored for long term periods or if a large number of people have access to them
They are also saved in plain text on the config file but that would require local access to the kubernetes pods in order to see the file, but the explorer-api also shows the whole config file on startup
I appreciate if we can hide these values from the logs
When using MongoDB URI to authenticate, both the crawler and explorer-api exposes the full URI in the logs without masking the username and password. This can lead to security issues if the logs gets stored for long term periods or if a large number of people have access to them
They are also saved in plain text on the config file but that would require local access to the kubernetes pods in order to see the file, but the explorer-api also shows the whole config file on startup
I appreciate if we can hide these values from the logs