Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a configurable way to mask sensitive information #220

Open
joe94 opened this issue Jun 17, 2021 · 0 comments
Open

Add a configurable way to mask sensitive information #220

joe94 opened this issue Jun 17, 2021 · 0 comments

Comments

@joe94
Copy link
Member

joe94 commented Jun 17, 2021

One of our community members reported in xmidt-org/xmidt#51 that it would be nice having a way to mask sensitive information such as device IDs (information that could be traced back to an individual customer) from log entries.

Some of the log field names that include sensitive data across our microservices are:
requestURL
requestURI
requestHeaders.Referer
instance

Suggested Approach
Compile a global regex to match device IDs from within a string and replace all characters with a * except the prefix. Ex: mac:1122334455 would become mac:**********

Configuration:

log:
  ...
  # defaults to false meaning sensitive data is masked by default
  disableSensitiveDataMasking: false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant