Details
-
New Feature
-
Resolution: Unresolved
-
Major - P3
-
None
-
None
-
Server Tooling & Methods
Description
Currently log redaction is only caught in code review and in a manual review at the end of each release. One automated way to look for unredacted strings would be to put a canary string like 'XXXXXXXXX' in places that we expect to be redacted and make sure that we don't see it in the logs.