Neel1210 commented on issue #4015: URL: https://github.com/apache/logging-log4j2/issues/4015#issuecomment-3702877839
> The problem of masking sensitive data in logs appears often in discussions (e.g. https://github.com/apache/logging-log4j2/discussions/1814 and https://github.com/apache/logging-log4j2/discussions/3152) and the usual advice is do not log sensitive data. @ppkarwasz, exactly. The discussions you linked highlight the need, but the reliance on custom plugins creates a significant maintenance burden for microservice architectures. In an environment with 20–30+ microservices, the operational overhead of managing and updating custom plugin binaries across every service becomes quite difficult. > This is actually not so hard: if we replace the RegexReplacement field with RegexReplacement[] it will still accept 0 or 1 elements of type RegexReplacement. Regarding the implementation: I have tested the RegexReplacement[] approach in a fork, and it works as expected while maintaining backward compatibility for single-replacement configurations. PoC Commit: [[Link to your commit](https://github.com/Neel1210/logging-activity/commit/2e0d54c79e7910f41a4f0839b7be2d852b0671c7)] Demo Repo: [[Link to your repo](https://github.com/Neel1210/logging-activity)] I did encounter an edge case where certain patterns work in isolation (in online compilers) but fail when combined in PatternLayout. In my log4j2.xml, replacements 0 and 2 are working, but replacement 1 is not. I tested this specific pattern in isolation, and it works fine there, which is unexpected. I've documented the demo code here: [[Link to your Main.txt](https://github.com/Neel1210/logging-activity/blob/main/src/main/java/me/demo/logging_Activity/utils/Main.txt)] @vy, regarding the Universal Masking approach: Would the goal be to create something structurally similar to a RewriteAppender? A "MaskingAppender" that takes a nested Layout plus a collection of RegexReplacement elements would provide the composability you mentioned, solving the rollout issue for both Pattern and JSON layouts simultaneously. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
