CDK: implement custom logging formatter to obfuscate secrets #3764

keu · 2021-05-31T15:49:39Z

Tell us about the problem you're trying to solve

Currently, we have multiple ways to expose credentials in logs (info, exceptions, tests)

Describe the solution you’d like

The only real way to secure credentials is to control logging output with a logging Formatter attached to the root logger.
This handler will get the connector's config and will replace all occurrence of values from fields marked as secret.

class SecureFormatter(logging.Formatter):
    """ Custom formatter to prevent secrets leaking
    """
    def format(self, record: 'logging.LogRecord') -> str:
        msg = super().format(record)
        for secret in secrets:
            msg = msg.replace(secret, '***')
        return msg

Describe the alternative you’ve considered or used

do manually

┆Issue is synchronized with this Asana task by Unito

eliziario · 2021-09-20T15:15:27Z

Scoping Report

Implement the suggested implementation
Figure out how to initialize the list of secrets for a given exec context
Create tests for scenarios: normal log statements, exceptions

#1279

* Secure logger implementation minus still broken new tests * Secure logger implementation and unit tests * code review changes * filter text on uncaught exceptions * auto-formatting * Mistaken change left in code * filter text on uncaught exceptions * Simplify code, remove LoggingFilter and move obfuscation functionality to Formatter * Update airbyte-cdk/python/airbyte_cdk/entrypoint.py Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com> * Obfuscate Secrets in Logging, code review changes * Obfuscate Secrets in Logging, code review changes, unit test fixes * CHANGELOG.md Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com>

keu added type/enhancement New feature or request zazmic CDK Connector Development Kit priority/high High priority labels May 31, 2021

sherifnada removed the zazmic label Aug 6, 2021

sherifnada removed the priority/high High priority label Sep 3, 2021

sherifnada added this to the Connectors, September 17th 2021 milestone Sep 3, 2021

avida assigned avida and eliziario and unassigned avida Sep 12, 2021

sherifnada modified the milestones: Connectors, September 17th 2021, Connectors, October 1st 2021 Sep 17, 2021

eliziario added the blocked label Sep 20, 2021

sherifnada modified the milestones: Connectors, October 1st 2021, Connectors, October 15th 2021 Oct 4, 2021

sherifnada modified the milestones: Connectors, October 15th 2021, Connectors 2021-10-29 Oct 14, 2021

sherifnada modified the milestones: Connectors 2021-10-29, Connectors Nov 26 2021 Oct 29, 2021

sherifnada removed the blocked label Nov 15, 2021

eliziario mentioned this issue Nov 23, 2021

CDK: #3764 obfuscate secrets in logging #8211

Merged

40 tasks

VasylLazebnyk linked a pull request Nov 24, 2021 that will close this issue

CDK: #3764 obfuscate secrets in logging #8211

Merged

40 tasks

VasylLazebnyk modified the milestones: Connectors Nov 26 2021, Connectors Dec 10 2021 Nov 26, 2021

eliziario closed this as completed in #8211 Dec 7, 2021

jrhizor mentioned this issue Dec 9, 2021

Bump Airbyte version from 0.33.5-alpha to 0.33.6-alpha #8653

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CDK: implement custom logging formatter to obfuscate secrets #3764

CDK: implement custom logging formatter to obfuscate secrets #3764

keu commented May 31, 2021 •

edited by sync-by-unito bot

eliziario commented Sep 20, 2021 •

edited

CDK: implement custom logging formatter to obfuscate secrets #3764

CDK: implement custom logging formatter to obfuscate secrets #3764

Comments

keu commented May 31, 2021 • edited by sync-by-unito bot

Tell us about the problem you're trying to solve

Describe the solution you’d like

Describe the alternative you’ve considered or used

eliziario commented Sep 20, 2021 • edited

Scoping Report

keu commented May 31, 2021 •

edited by sync-by-unito bot

eliziario commented Sep 20, 2021 •

edited