Skip to content

feat: redact SDKKey in log output #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 23, 2025
Merged

feat: redact SDKKey in log output #45

merged 1 commit into from
Sep 23, 2025

Conversation

@antoinedeschenes
Copy link
Contributor

@antoinedeschenes antoinedeschenes commented Sep 19, 2025
edited
Loading

The SDK key is currently output to logs when sdk-proxy starts. This change hides the proxy instance config log by default and adds a -show-config startup flag to enable it when required.

@antoinedeschenes antoinedeschenes requested a review from a team as a code owner September 19, 2025 19:05
@antoinedeschenes antoinedeschenes force-pushed the feat/sanitize-logs branch 2 times, most recently from d19fa86 to 3300058 Compare September 19, 2025 19:44
@JamieSinn
Copy link
Member

JamieSinn commented Sep 22, 2025

We generally approached this concept with the fact customers would react it upstream in their logs via datadog, splunk, etc. Having it print is mostly a debug confirmation that you're looking at the correct instance of the token. If it's an issue, it might be easier to just make a startup flag that prints the object/struct including the sdk key, and if it's not specified it doesn't.

The logs from the service also have other components that are higher sensitivity too, but that's environment dependant.

@JamieSinn
Copy link
Member

JamieSinn commented Sep 22, 2025

The flag would wrap this debug line here

https://github.com/DevCycleHQ/sdk-proxy/blob/main/cmd/main.go#L52

@antoinedeschenes
Copy link
Contributor Author

antoinedeschenes commented Sep 22, 2025

The flag would wrap this debug line here

https://github.com/DevCycleHQ/sdk-proxy/blob/main/cmd/main.go#L52

Updated with the startup flag suggestion. We don't have a convenient way to sanitize logs within our log stack currently, but we did roll a custom image wrapping the process within vector to redact the log lines in the sidecar. This works fine but we'd rather rely on the provided image in the long term

@JamieSinn JamieSinn merged commit 8c7801f into DevCycleHQ:main Sep 23, 2025
3 checks passed
@antoinedeschenes antoinedeschenes deleted the feat/sanitize-logs branch September 23, 2025 12:44
@antoinedeschenes
Copy link
Contributor Author

antoinedeschenes commented Nov 6, 2025

@JamieSinn thanks for merging! Is a new release planned soon?

@JamieSinn
Copy link
Member

JamieSinn commented Nov 6, 2025

i can push a patch release through - but we don't have plans otherwise for a larger scale release

@JamieSinn
Copy link
Member

JamieSinn commented Nov 6, 2025

https://github.com/DevCycleHQ/sdk-proxy/releases/tag/v2.5.3

@antoinedeschenes
Copy link
Contributor Author

antoinedeschenes commented Nov 6, 2025

Awesome, thanks for this 🙇‍♂️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JamieSinn JamieSinn JamieSinn approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antoinedeschenes @JamieSinn