Feature to prevent accidental logging of sensitive fields?

[wunderwuzzi23]

When using .Any I sometimes noticed reviewing/writing code that large structs are logged for debugging purposes but they might contain sensitive fields (that shouldn't be logged).

Was wondering if fields augmented with a sensitive or donotlog tag could be obfuscated with maybe *** or omitted when logging.

When logging individual fields its more likely that the developer notices a field is a token or a password and does not log it, but when using .Any it happens sometimes.

[dray92]

On a related note, does it make the most sense to have something like this live in the encoder impls {source}?

[juampynr]

My understanding is that Zap is a structured logging library. Therefore, .Any() should be used as little as possible, which reduces the possibility of logging sensitive data.

[mway]

It's probably not reasonable for Zap to support any "contextual" understanding of the data in fields that will be logged. Instead, callers should do any scrubbing prior to adding that data to a Field.

It's possible that we could add "field preprocessors" that invoke a UDF prior to encoding (which would still require users to define that scrubbing logic themselves), but we don't have any plans for this at the moment. I'll keep this open to track.