Redacting Sensitive Values in Logs
Source: hello-pepr-store-redact-logs
When storing sensitive information like passwords or secrets in the Pepr Store, you should avoid logging the raw values. The Store itself does not automatically redact values in logs. This example shows how to retrieve sensitive data from the Store and transform it before logging to prevent exposing secrets in pod logs.
Code Example
Section titled “Code Example”View full example on Github
Store.onReady(async () => { const [key, val] = ["password", "***SECRET***"]; Store.clear(); await Store.setItemAndWait(key, val); const value = Store.getItem(key); Log.info( { password: `${value.replace("SECRET", "DECLASSIFIED")}` }, "getItem", );
Store.clear(); await untilTrue(gone(key)); Log.info("DONE");});Example pod log output:
Section titled “Example pod log output:”{"level":30,"time":<timestamp>,"pid":<pid>,"hostname":"pepr-<hostname>","password":"***DECLASSIFIED***","msg":"getItem"}{"level":30,"time":<timestamp>,"pid":<pid>,"hostname":"pepr-<hostname>","msg":"DONE"}