Bug: Macaroon should not be logged

Question

Bug: Macaroon should not be logged

Closed this issue 2 months ago · 3 comments

mrfelton commented 3 months ago

Describe the bug

Macaroon is currently being logged in calls to the gRPC server

Expected Behavior:

Macaroon should never be logged

Actual Behavior:

Macaroon is logged for every grpc call

To Reproduce
Make a grpc call and view the logs

Additional context
I have log level at TRACE

Answer 1 · 2024-07-16T21:32:19.000Z

I added a fix for this in the lastest version of #131 3fa88ca

But we can keep this issue open until that's merged

Answer 2 · 2024-07-19T09:28:19.000Z

I've added a comment to #131 regarding protecting and securely wiping secrets from memory. I think we can open a separate issue to track introducing something like the secrecy crate to help with that.

Unfortunately in the case for this issue it was grpc request metadata. Some values can be marked as sensitive with set_sensitive(true) which can be checked with is_sensitive(), unfortunately that doesn't change anything about Display/Debug implementations obviously and there is no other type like SensitiveAsciiMetadataValue that would do something similar to secrecy and implement redaction. :(

Answer 3 · 2024-07-23T00:34:14.000Z

This should be fixed now that #131 is merged, but we plan to add #143 in a follow up!