Update documentation with recommended logback config to avoid risk of DEBUG level logs exposing user credentials #4913
Comments
There's unfortunately nothing we can do about the apache wire level logs, which I think you're referring to. Testcontainers itself already hides any sensitive values in its own logs, e.g.:
Or are you seeing an I'm afraid if the global log level is raised to debug then other libraries' logs (such as Raising the log level for just
would hopefully have the desired effect of showing Testcontainers' debug logs but nothing else. I think we should explicitly add this to our documentation to make this clearer.
@rnorth you're right it's mainly from
OK, that's something. We will update our docs so that other people don't fall into the same trap. Sorry if this caused you inconvenience 🙇♂️
Is this the issue for
It's not really something that As long as I can remember, Apache HTTP client has had 'wire' debug level logs which show the raw request/responses. Personally I think these being at DEBUG is a bit too verbose, but others may disagree, and I think this won't ever change. I think what I'd propose to help our users is, in our docs (our logging recommendations):
Hi! I'd like to work on this. :) Is
Apache HTTP client's wire logger produces a large amount of log data, which can include secrets. Therefore recommend turning it off, so that it won't become enabled in case the root logger's level is increased to DEBUG. Fixes testcontainers#4913
Add an example showing how to enable debug logging only for the `org.testcontainers` package. Recommend against enabling debug level on the root logger in order to not be swamped by log data. Fixes testcontainers#4913
* Recommend disabling Apache HTTP client wire logging
* Recommend enabling debug logging only for org.testcontainers

Fixes #4913

Co-authored-by: Kevin Wittek <kiview@users.noreply.github.com>
Please hide user credentials when DEBUG level is used for logging. Configuration taken from https://www.testcontainers.org/supported_docker_environment/logging_config/ and changed for DEBUG.
When DEBUG level logs are required for an issue to be resolved, this can cause unnecessary problems for users.
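
A logback configuration following the recommendation in the commit messages above, as an added example that is not the project's own documentation text. The appender and pattern are illustrative, and the two wire logger names are assumptions not shown on this page: `org.apache.http.wire` is the Apache HttpClient 4 wire logger, and the shaded name applies when docker-java's zerodep transport is in use.

```xml
<configuration>
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n</pattern>
        </encoder>
    </appender>

    <!-- Risky setting: <root level="debug"> enables DEBUG for every library,
         including the HTTP client's wire logger, which prints raw requests
         and responses and can therefore include secrets. Keep root at INFO. -->
    <root level="info">
        <appender-ref ref="STDOUT"/>
    </root>

    <!-- DEBUG only for Testcontainers' own messages, which already hide
         sensitive values. -->
    <logger name="org.testcontainers" level="DEBUG"/>

    <!-- Wire loggers pinned to OFF. An explicit level on a logger overrides
         the level inherited from root, so these stay silent even if someone
         later raises root to DEBUG while troubleshooting.
         Both names are assumptions (see lead-in); keep the one that matches
         the HTTP client on your classpath, or keep both. -->
    <logger name="org.apache.http.wire" level="OFF"/>
    <logger name="com.github.dockerjava.zerodep.shaded.org.apache.hc.client5.http.wire" level="OFF"/>
</configuration>
```

Before sharing DEBUG output in a bug report, search it for `Authorization` and `X-Registry-Auth` headers to confirm no wire-level lines slipped through.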