Hide S3 access key from the logs


(Brett Zink) #1

If you go back far enough in my logs you can see where I changed my S3 access key and secret key. You can also see the values I changed them to. I’m okay with my Admin’s having access to these, but moderators can also see logs. I think sensitive data like this should be removed from the logs.


(Robin Ward) #2

Are you on the latest version of Discourse? Because recently @neil comitted a fix for this:

https://github.com/discourse/discourse/commit/b40313559b09baf5f1a14b643f235d375a681ab6


(Brett Zink) #3

I’m on 0.9.8.8.

I just impersonated one of my mods, and yes, these items are removed.

Thanks for pointing that out!


(Régis Hanol) #4