I am getting closer to putting my Elixir backend API in production and have a question about logging. Currently when a 500 error occurs in an API call, the entire Plug is posted to my logging service. This includes the JWT used in the request and secret key base used to decrypt the JWT.
Is there any way to filter this sensitive data from being written to the logs? Phoenix does this automatically for things like user passwords, and I thought Ecto did something similar. Unfortunately I can’t seem to find documentation on it.
I have the same situation right now. I am making a request to a remote system and if it fails, I log the entire HTTPoison response, which might contain login credentials. Currently:
But maybe in the future, if the remote API accepts a JSON body, the body will be a JSON string. So something more general would be useful. A quick search on hex.pm didn’t yield any results.
defimpl AppGateway.Error, for: AppGateway.Errors.RemoteServiceError do
def status(_), do: AppGateway.Errors.RemoteServiceError.status()
def log_message(error) do
"""
Error while calling Remote Service!
Method: #{error.method}
Url: #{error.url}
Headers:
#{inspect(error.headers)}
Body:
#{inspect(error.body)}
Response:
#{inspect(error.response)}
Error:
#{inspect(error.error)}
"""
end
end
error.body is what I passed to HTTPpoison and error.response is what I get from the {:error, value} tuple from HTTPoison, which is in most cases a %HTTPoison.Response{} struct which also contains the full %HTTPoison.Request{} with the body.
Even manually filtering it is quite some work and the maintenance efforts are high. What I hoped was a clever algorithm that uses the string representation of the structs and filters out the data.
Seems like the nested_filter lib only works with maps but I am dealing with quite a few structs. Also, if the request body contains a JSON string, it won’t help at all.