Config option not to log secrets #1256

nguilford · 2016-05-26T21:33:19Z

Right now when kong starts, it logs the attempt to login to its database with full credentials:

[INFO] database...........postgres host=db.host.com database=kong user=user password=password port=5432

It would be nice to have an option not to log the credentials (user, pw at the very least). This is important for various reasons.

developers often need access to logs, but should not have access to db secrets
bad developers cut and paste logs into Internet forums, and if those logs contain secrets, that's bad times; developers shouldn't do this, of course, but I should be able to completely mitigate the risk

Suggested fix:
Add an option to /etc/kong/kong.yml to log secrets and default to false:

## PostgreSQL configuration
# postgres:
#   log_secrets: false

## Cassandra configuration
# cassandra:
#   log_secrets: false

This could also be a global config option that applies to all secrets kong may ever use.

The text was updated successfully, but these errors were encountered:

thibaultcha · 2016-05-26T22:59:46Z

+1. I would actually be in favor of keeping the config simple and simply not print those values at all.

nguilford · 2016-06-01T18:42:58Z

Sounds good to me.

thibaultcha · 2016-07-25T21:01:49Z

This has been taken care of in the new CLI implementation incoming in 0.9 this month.

subnetmarco added the area/CLI label May 31, 2016

thibaultcha closed this as completed Jul 25, 2016

Provide feedback