Hi, > Also keep in mind that DEBUG logging, while still should have some masking > of data, since it is explicitly called out (or should be) as not safe for > production, can contain some " sensitive" data. Credentials should still be > scrubbed, but I would say the swift temp URL is something that may line up > with this more flexible level of filtering logs. > > Now, if the service (and I don't think ironic suffers from this issue) is > only really runnable with debug on (because there is no useful information > otherwise) then I would aim to fix that before putting even potentially > sensitive data in DEBUG. > > The simple choice is if there is even a question, don't log it (or log it in > a way that obscures the data but still shows unique use). >
I agree with Morgan's statement here. And just throwing an idea in the wind here, we could make use of the python logging filters to create a filter for sensitive information. We probably need one already to avoid having to do things like [1] in the code. [1] https://github.com/openstack/ironic/blob/812ed66ccabfcb1c1862951ea95a68b9d93b1672/ironic/drivers/modules/iscsi_deploy.py#L275-L284 Cheers, Lucas __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
