https://kotlinlang.org logo
#ktor
Title
# ktor
r

Richie Bresnan

02/22/2022, 5:29 PM
With ktor logging headers (
LogLevel.HEADERS
) application/customer secrets in the auth header are logged as below. I’d like to redact these secrets, as
******
. Has anyone found a non-invasive way of doing this?
Copy code
[***] 2022-02-22 08:59:45.641 [main] INFO  io.ktor.client.HttpClient - METHOD: HttpMethod(value=GET)
  [***] 2022-02-22 08:59:45.641 [main] INFO  io.ktor.client.HttpClient - COMMON HEADERS
  [***] 2022-02-22 08:59:45.641 [main] INFO  io.ktor.client.HttpClient - -> Accept: application/json
  [***] 2022-02-22 08:59:45.641 [main] INFO  io.ktor.client.HttpClient - -> Accept-Charset: UTF-8
  [***] 2022-02-22 08:59:45.641 [main] INFO  io.ktor.client.HttpClient - -> Authorization: token my_super_secret_token_that_I_want_to_redact
m

Matthew Gast

02/22/2022, 6:27 PM
If you can accurately predict where the secrets would appear, you could intercept the logging calls manually and block out the secrets. It not necessarily clean but it should work.
r

Richie Bresnan

02/22/2022, 7:15 PM
Exactly what I was looking for Matthew. And thanks for the example!
10 Views