Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-8037

remove tokens and passwords from logs by default

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Duplicate
    • Major
    • None
    • 2.11.1 GA
    • System
    • False
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • 0
    • 0% 0%

    Description

      Customer has raised the issue that passwords and tokens are being logged by sidekiq and sphinx as part of their startup process.

      Customer is concerned that as they use a 3rd party logging tool this increases the likelihood that these credentials could get leaked.

      Customer would like a way to remove the logging of ENV vars/secrets by 3scale components, preferably by setting a flag in the operator CRD.

      Attachments

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. THREESCALE-5442 Mask keys and Access Tokens in the logs on System

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              rhn-support-ahobson Aimi Hobson
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: