Sanitizing logs so secrets and PII do not leak downstream

2500 views

                  Rails.application.config.filter_parameters += [
  :password,
  :password_confirmation,
  :token,
  :authorization,
  :ssn,
  :credit_card_number,
]

Logs are one of the most common unintentional data exfiltration channels. I filter secrets, tokens, and PII before they leave the process, then I keep retention and access tight downstream. If your logs are rich enough to reconstruct private sessions, they are too rich.

Kai Nakamura

More from Kai Nakamura

Sanitizing logs so secrets and PII do not leak downstream

0 Comments

More from Kai Nakamura