We run a support community where users often upload log files. We encourage open support discussions whenever possible and only exceptionally raise private messages to collect logs (when we think there’s a lot of value in having the unredacted logs or it’s a novel situation we’d like to debug as soon as possible).
We’ve encountered a recurring issue: users inadvertently exposing “secrets” (tokens) in their attachments.
This puts us in a tricky position. We have to inform users about compromised tokens and educate them on safe sharing practices while trying to maintain a balance between open support and confidentiality (not blurring the lines between our confidential professional support and community support).
We’d love to see a feature that scans attachments for secrets, similar to the existing AV scanning functionality (which we use). Ideally, this feature would warn users when secrets are detected in their uploads and possibly alert administrators about potential exposures.
If you have mods who are quite active, you could get them to edit it out, then hide the edit history. I’m on a forum where we have that kind of problem as well.
Is there something that makes all the tokens similar in some way? Perhaps you could then use Watched Words with Regex?
Thanks, Colin, I very much like this feature request. As you note, it’s not a particularly small task, but seems very valuable. And the antivirus plugin can provide a blueprint for how to go about implementing this.
Not a bad idea when folks post their logs in the post directly (using formatted text), but most of the time we find things hidden in attached log files.
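A sketch of the attachment scan requested above, as an added example that is not part of the thread and not code from the forum software or its antivirus plugin. The two token patterns, the entropy threshold and the names `scan_attachment`, `redact` and `SAMPLE_LOG` are assumptions; a real deployment would substitute the product's actual token formats.

```ruby
# Added example: standalone sketch, not forum-software or plugin code.
# The patterns are assumptions; replace them with your product's real token formats.
SECRET_PATTERNS = {
  bearer_header: /Authorization:\s*Bearer\s+([A-Za-z0-9._~+\/-]{20,}=*)/i,
  keyed_value:   /\b(?:api[_-]?key|token|secret|password)\b["']?\s*[:=]\s*["']?([^\s"',;]{12,})/i
}.freeze

# Shannon entropy in bits per character; filters out placeholders like "xxxxxxxxxxxx".
def entropy(str)
  str.each_char.tally.values.sum do |count|
    prob = count.to_f / str.length
    -prob * Math.log2(prob)
  end
end

# Keep the first four characters so the user can recognise which token leaked.
def redact(value)
  "#{value[0, 4]}#{'*' * (value.length - 4)}"
end

# Scans attachment text line by line; findings never contain the full secret,
# so they can be shown to the uploader and forwarded to administrators.
def scan_attachment(text, min_entropy: 3.0)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    SECRET_PATTERNS.each do |name, pattern|
      line.scan(pattern) do |(value)|
        next if entropy(value) < min_entropy
        findings << { line: lineno, rule: name, preview: redact(value) }
      end
    end
  end
  findings
end

# Constructed sample log, not taken from any real upload.
SAMPLE_LOG = <<~LOG
  2024-01-01 10:00:00 INFO starting agent
  2024-01-01 10:00:01 DEBUG GET /v1/status Authorization: Bearer q8Zr2LmX0pV7sKd93HfTyB4nW
  2024-01-01 10:00:02 DEBUG config api_key=xxxxxxxxxxxxxxxx
  2024-01-01 10:00:03 DEBUG config token="A9f3kQ72LpXz81Vb"
LOG

if __FILE__ == $PROGRAM_NAME
  scan_attachment(SAMPLE_LOG).each do |f|
    puts "line #{f[:line]}: possible #{f[:rule]} (#{f[:preview]})"
  end
end
```

Running the scan at upload time, before the file is published, is what lets the warning reach the user while the token is still private.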