Bug: Macaroon should not be logged
Closed this issue · 3 comments
Describe the bug
Macaroon is currently being logged in calls to the gRPC server
- Expected Behavior:
Macaroon should never be logged
- Actual Behavior:
Macaroon is logged for every grpc call
To Reproduce
Make a grpc call and view the logs
Additional context
I have log level at TRACE
I've added a comment to #131 regarding protecting and securely wiping secrets from memory. I think we can open a separate issue to track introducing something like the secrecy
crate to help with that.
Unfortunately in the case for this issue it was grpc request metadata. Some values can be marked as sensitive with set_sensitive(true)
which can be checked with is_sensitive()
, unfortunately that doesn't change anything about Display
/Debug
implementations obviously and there is no other type like SensitiveAsciiMetadataValue
that would do something similar to secrecy
and implement redaction. :(