Option to remove sensitive content from logs #17
Comments
Hi @drewmullen! 👋 Thank you so much for raising this and for including specific use cases. Super helpful. This is certainly an area we are interested in exploring, since as you mention, the experience of filtering logs is not the best currently. There will be a fun intersection between things that providers themselves consider sensitive, such as tokens, and practitioners themselves consider sensitive, such as an internal domain name (which in and of itself would be interesting in how practitioners could declare these safely). Design-wise it seems like we will need to support both cases with this filtering capability. If I had to napkin sketch something real quick, I think it would be along the lines where a provider can make a call into the provider logging systems, let's call it Conceptually, this functionality is very early in its planning and design phases so if you or others have additional use cases or ideas, it is all game to discuss. Thanks again!
@detro Now that this is released (thank you!!!) Can we start using it immediately or does functionality need to be baked into the next version of Core?
@drewmullen the terraform-plugin-log Go module is unrelated to Terraform CLI ("core") and updating on the provider side will be able to use the new functionality. Typically provider codebases on GitHub will enable Dependabot for Go dependency, but to manually upgrade a provider:

    go get github.com/hashicorp/terraform-plugin-log
    go mod tidy

If there are any compilation errors, it is likely due to needing to do the following other dependencies as well:

    # If the provider is written with terraform-plugin-framework
    go get github.com/hashicorp/terraform-plugin-framework@v0.10.0
    # If the provider is written with terraform-plugin-sdk/v2
    go get github.com/hashicorp/terraform-plugin-sdk/v2@v2.19.0
    go mod tidy

For more information about the log filtering functionality available:
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Proposal
TRACE & DEBUG logs currently include authentication information. For AWS this is things like:

This is fine usually, but if I want to post a log to a gist for a GitHub issue, I have to manually scrape it for sensitive content. It would be great if there was a flag or environment variable to remove or obfuscate that content.

I'd be in favor of this flag being set by default when you include TF_LOG_PATH. But that's up to y'all.

Thanks for the great work :)
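The two kinds of sensitive data discussed in this thread (values a provider knows are secret, such as tokens, and values a practitioner declares, such as an internal domain name) can be scrubbed from a log before it is shared. The following is an added example, not code from this issue or from terraform-plugin-log: the `Scrubber` type, its functions, the header names chosen and the sample log are all assumptions constructed for illustration, using only the Go standard library.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const mask = "***"

// Scrubber is a hypothetical type for this example, not a terraform-plugin-log API.
type Scrubber struct {
	headerRe *regexp.Regexp // provider-declared: header names whose values are secret
	literals []string       // practitioner-declared: exact strings to hide
}

func NewScrubber(headers, literals []string) *Scrubber {
	quoted := make([]string, len(headers))
	for i, h := range headers {
		quoted[i] = regexp.QuoteMeta(h)
	}
	// Match "Name: value" on a single line, case-insensitively. [ \t]* is used
	// instead of \s* so an empty value cannot swallow the following line.
	re := regexp.MustCompile(`(?im)^([ \t]*(?:` + strings.Join(quoted, "|") + `)[ \t]*:[ \t]*).*$`)
	return &Scrubber{headerRe: re, literals: literals}
}

// Scrub masks declared header values first, then practitioner literals anywhere.
func (s *Scrubber) Scrub(log string) string {
	out := s.headerRe.ReplaceAllString(log, "${1}"+mask)
	for _, lit := range s.literals {
		if lit != "" { // an empty literal would match at every position
			out = strings.ReplaceAll(out, lit, mask)
		}
	}
	return out
}

// sampleLog is constructed for this example; every value in it is fake.
const sampleLog = `2022-07-01T12:00:00Z [DEBUG] provider: HTTP request to https://vault.corp.example.internal/v1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAEXAMPLEEXAMPLE/20220701/us-east-1/sts/aws4_request, Signature=deadbeef
X-Amz-Security-Token: FAKETOKENFAKETOKEN
Content-Type: application/json`

func main() {
	s := NewScrubber([]string{"Authorization", "X-Amz-Security-Token"},
		[]string{"corp.example.internal"})
	fmt.Println(s.Scrub(sampleLog))
}
```

Literal matching only hides exact strings, so a secret that appears re-encoded (base64, URL-escaped) in the log still needs its own entry.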