[Feature Request]: Add enabled-by-default option to censor sensitive secrets outputted by stacktraces and logging
Opened this issue · 4 comments
Description
Currently the stacktrace and loguru logging modules spit out a bunch of local variable values at crash-time. Some of these variables include runtime configurations containing sensitive user secrets such as passwords, email addresses, and account tokens.
This is a potential security risk for users if they share their runtime logs publicly for bug-tracking/fixing purposes.
Describe the solution you'd like
Implement a feature that's opted in by default, to redact/suppress any sensitive log/console outputs in logging or stack traces. Especially events of the SENSITIVE_DEBUG level in Loguru.
Describe alternatives you've considered
No response
Any other context/information?
In tandem: eventually split the cfg.yml config file into a public and a private config file, where public has program settings such as modes and can easily be shared in crash/bug reports, while private somehow securely stores inputted user secrets (preferably in an encrypted form).
Do we even need to log the sensitive information from cfg.yml? Shouldn't we just log the modes used?
Sometimes the user might want sensitive logs for debugging purposes.
I implemented any sensitive logs as a SENSITIVE_DEBUG log level in the Loguru logging library. This means it should be easy to suppress any logs with that level.
However, redacting stack traces might be harder.
Ah okay, it was easy to implement the hiding of the sensitive logs, but I'm still looking at the stack traces. However, suppressed_paths seems like it should sort the stack traces, so I'm going to look into that.
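
One way to approach the stack-trace redaction discussed in this thread, as an added example that is not the project's own code and uses only the Python standard library rather than Loguru. Locals are redacted by name (the name pattern is an assumption), then known secret values are scrubbed from the whole text, which also covers the exception message; the config and token below are constructed sample data.

```python
import re
import traceback

# Assumption: variable or key names matching this pattern hold secrets.
SENSITIVE_NAME = re.compile(r"pass(word)?|secret|token|email|api_?key", re.I)
REDACTED = "<redacted>"

def scrub(name, value, depth=0):
    """Return value with secrets replaced, walking nested dicts and lists."""
    if SENSITIVE_NAME.search(str(name)):
        return REDACTED
    if depth < 5 and isinstance(value, dict):
        return {k: scrub(k, v, depth + 1) for k, v in value.items()}
    if depth < 5 and isinstance(value, list):
        return [scrub(name, v, depth + 1) for v in value]
    return value

def format_redacted(exc, known_values=()):
    """Format exc with per-frame locals, redacting by name and then by value."""
    lines = ["Traceback (most recent call last):"]
    for frame, lineno in traceback.walk_tb(exc.__traceback__):
        code = frame.f_code
        lines.append(f'  File "{code.co_filename}", line {lineno}, in {code.co_name}')
        for name, value in sorted(frame.f_locals.items()):
            lines.append(f"    {name} = {scrub(name, value)!r}")
    lines.append("".join(traceback.format_exception_only(type(exc), exc)).rstrip())
    text = "\n".join(lines)
    # Second pass: a secret can leak through an innocently named variable
    # or the exception message, so replace known values wherever they appear.
    for secret in known_values:
        if secret:
            text = text.replace(secret, REDACTED)
    return text

def demo():
    # Constructed sample config and token; all values are fake.
    cfg = {"mode": "fast",
           "account": {"email": "user@example.test", "password": "hunter2"}}
    token = "tok_constructed_123"
    try:
        raise RuntimeError(f"login failed with token {token}")
    except RuntimeError as exc:
        return format_redacted(exc, known_values=[token])

if __name__ == "__main__":
    print(demo())
```

The non-sensitive `mode` setting stays visible in the output, so the redacted trace is still useful in a bug report.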