Hide S3 access key from the logs

(Brett Zink) #1

If you go back far enough in my logs you can see where I changed my S3 access key and secret key. You can also see the values I changed them to. I’m okay with my Admin’s having access to these, but moderators can also see logs. I think sensitive data like this should be removed from the logs.

(Robin Ward) #2

Are you on the latest version of Discourse? Because recently @neil comitted a fix for this:


(Brett Zink) #3

I’m on

I just impersonated one of my mods, and yes, these items are removed.

Thanks for pointing that out!

(Régis Hanol) #4