When I have SASL reports enabled in my config for prod, i.e.
config :logger,
  level: :info,
  handle_sasl_reports: true,
  backends: [:console]
I can see all sorts of sensitive data being logged that, ideally, shouldn’t be logged. The log statements I see are usually start_link logs like this:
Start Call: Goth.Config.start_link([json: "JSON WITH CREDENTIALS"])
Start Call: Segment.start_link("MY SEGMENT API KEY")
Start Call: DBConnection.Connection.start_link(Postgrex.Protocol, [pool_index: 40, types: Postgrex.DefaultTypes, hostname: "localhost", port: 5432, repo: DB.ReadReplica, telemetry_prefix: [:db, :read_replica], otp_app: :db, timeout: 15000, database: "MY DB", username: "MY USERNAME", password: "MY PASSWORD", socket_dir: "/tmp/path", pool_size: 40, pool: DBConnection.ConnectionPool], #PID<0.7904.0>, #Reference<0.3253924283.239206406.56959>)
Redix.start_link([host: "MYREDISHOST.gce.cloud.redislabs.com", port: 13485, database: 0, password: "MY REDIS PASSWORD", name: ExqUi.Redis.Client, socket_opts: []])
etc. etc.
Most of these logs are coming from libraries that we use, not from code I directly wrote. In addition to that, some of the sensitive data is embedded in structs, some in plain strings, and some in maps, so I think implementing a custom inspect like this won’t cut it either: https://hexdocs.pm/elixir/master/Inspect.html#module-deriving
Is there something I am doing wrong, or is there some way to prevent the SASL logs from leaking such info?
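One way to keep the supervisor progress reports but strip the secrets out of them, as an added example that is not part of the original post or of any of the libraries mentioned: install a primary filter on the Erlang/OTP `:logger` (OTP 21+, which Elixir's Logger sits on top of since 1.10) that rewrites `{:report, ...}` events before any Logger backend formats them. Because the post's secrets show up both as values under keys such as `:password` and `:json` and as bare strings passed to `start_link/1` (the Segment case), the filter redacts sensitive keys anywhere in the report and every top-level binary argument inside `mfargs`. The module name, the key list and the sample report in `demo/0` are assumptions; the report shape used in `demo/0` is a constructed stand-in for what `Supervisor` emits as a progress report.

```elixir
# Added example, not code from the original post or from Goth/Segment/Postgrex/Redix.
# Assumes OTP 21+ (:logger) and Elixir >= 1.10, where Elixir's Logger is a :logger handler.
defmodule RedactSaslFilter do
  # Keys whose values are redacted wherever they appear in keyword lists, maps or
  # structs. Extend this list for the libraries in your own deps (assumed list).
  @sensitive_keys [:password, :json, :api_key, :secret, :token, :credentials]
  @redacted "[REDACTED]"

  @doc "Install as a primary filter so it runs before every handler, Elixir's Logger included."
  def install do
    :logger.add_primary_filter(:redact_sasl, {&__MODULE__.filter/2, []})
  end

  @doc false
  # :logger filter callback: (log_event, extra) -> log_event | :stop | :ignore.
  # Only report events (SASL progress/crash reports, Logger.info(map), ...) are rewritten.
  def filter(%{msg: {:report, report}} = event, _extra) do
    %{event | msg: {:report, redact(report)}}
  end

  # :ignore means "no opinion"; the event continues to the next filter/handler unchanged.
  def filter(_event, _extra), do: :ignore

  @doc "Deep-walk a report term and replace secrets. Public so it can be exercised directly."
  # Start-call arguments are where start_link/1 secrets live: scrub every binary at the
  # top level of the argument list (Segment.start_link("KEY")) and walk everything else.
  def redact({:mfargs, {mod, fun, args}}) when is_list(args) do
    {:mfargs, {mod, fun, Enum.map(args, &redact_arg/1)}}
  end

  def redact({key, _value}) when key in @sensitive_keys, do: {key, @redacted}
  def redact({key, value}), do: {key, redact(value)}

  # Structs (e.g. a config struct carrying a token) are walked field by field.
  def redact(%{__struct__: mod} = struct) do
    fields = struct |> Map.from_struct() |> redact()
    struct(mod, fields)
  end

  def redact(map) when is_map(map) do
    for {k, v} <- map, into: %{}, do: redact({k, v})
  end

  def redact(list) when is_list(list), do: Enum.map(list, &redact/1)

  def redact(tuple) when is_tuple(tuple) do
    tuple |> Tuple.to_list() |> Enum.map(&redact/1) |> List.to_tuple()
  end

  # Atoms, numbers, pids, references, binaries outside mfargs: left untouched.
  def redact(other), do: other

  defp redact_arg(bin) when is_binary(bin), do: @redacted
  defp redact_arg(other), do: redact(other)

  @doc "Runs the filter over a constructed supervisor progress report (sample data, not real)."
  def demo do
    sample_event = %{
      level: :info,
      meta: %{domain: [:otp, :sasl]},
      msg:
        {:report,
         %{
           label: {:supervisor, :progress},
           report: [
             supervisor: {:local, MyApp.Supervisor},
             started: [
               pid: self(),
               id: Redix,
               # constructed values, mirroring the shape of the post's Redix log line
               mfargs: {Redix, :start_link, [[host: "redis.example", port: 6379, password: "hunter2"]]},
               restart_type: :permanent
             ]
           ]
         }}
    }

    filter(sample_event, [])
  end
end
```

Call `RedactSaslFilter.install()` as the first thing in your application's `start/2`, before the supervision tree starts, so the progress reports for your own children are already covered; `RedactSaslFilter.demo()` shows the `password:` value replaced while `host:` and `port:` survive for debugging. The trade-off of redacting every top-level binary in `mfargs` is that an innocent string argument (a process name, a path) is hidden too; if that costs you diagnostics, narrow `redact_arg/1` to the modules you know pass secrets positionally.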