-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CDK: implement custom logging formatter to obfuscate secrets #3764
Labels
Milestone
Comments
Scoping Report
|
40 tasks
40 tasks
eliziario
added a commit
that referenced
this issue
Dec 7, 2021
* Secure logger implementation minus still broken new tests * Secure logger implementation and unit tests * code review changes * filter text on uncaught exceptions * auto-formatting * Mistaken change left in code * filter text on uncaught exceptions * Simplify code, remove LoggingFilter and move obfuscation functionality to Formatter * Update airbyte-cdk/python/airbyte_cdk/entrypoint.py Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com> * Obfuscate Secrets in Logging, code review changes * Obfuscate Secrets in Logging, code review changes, unit test fixes * CHANGELOG.md Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com>
schlattk
pushed a commit
to schlattk/airbyte
that referenced
this issue
Jan 4, 2022
* Secure logger implementation minus still broken new tests * Secure logger implementation and unit tests * code review changes * filter text on uncaught exceptions * auto-formatting * Mistaken change left in code * filter text on uncaught exceptions * Simplify code, remove LoggingFilter and move obfuscation functionality to Formatter * Update airbyte-cdk/python/airbyte_cdk/entrypoint.py Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com> * Obfuscate Secrets in Logging, code review changes * Obfuscate Secrets in Logging, code review changes, unit test fixes * CHANGELOG.md Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tell us about the problem you're trying to solve
Currently, we have multiple ways to expose credentials in logs (info, exceptions, tests)
Describe the solution you’d like
The only real way to secure credentials is to control logging output with a logging Formatter attached to the root logger.
This handler will get the connector's config and will replace all occurrence of values from fields marked as secret.
Describe the alternative you’ve considered or used
do manually
┆Issue is synchronized with this Asana task by Unito
The text was updated successfully, but these errors were encountered: