Aws::KMS::Client#encrypt logs plaintext: param #908

modosc · 2015-08-21T21:22:17Z

versions:

aws-sdk (2.1.14)
aws-sdk-rails (1.0.0)

with Aws.config.update log_level: :debug any calls to Aws::KMS::Client#encrypt are logged including the plaintext:

[Aws::KMS::Client 200 0.131191 0 retries] encrypt(key_id:"arn:aws:kms:us-west-2:12324123412324:key/1420d94d-15ea-43bd-9fe0-2792289f189b",plaintext:"asdfasdfasdf")

seems like this param should be filtered, maybe something similar to the rails config.filter_parameters implementation?

The text was updated successfully, but these errors were encountered:

trevorrowe · 2015-08-24T18:27:55Z

Thank you for reporting this issue. I definitely agree these should be filtered from the default logger output. I'm going to take a look at this today and see what we can do to resolve this.

trevorrowe · 2015-08-24T22:39:57Z

I made a change to the SDK so that it will now filter sensitive parameters by default when logging request parameters. The default list will be auto-updated by checking the service definitions as an automated release task. You can add additional filters when constructing a log formatter.

modosc · 2015-08-25T17:32:24Z

thanks!

trevorrowe added Version 2 feature-request A feature should be added or improved. labels Aug 24, 2015

trevorrowe closed this as completed in c0ed977 Aug 24, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Aws::KMS::Client#encrypt logs plaintext: param #908

Aws::KMS::Client#encrypt logs plaintext: param #908

modosc commented Aug 21, 2015

trevorrowe commented Aug 24, 2015

trevorrowe commented Aug 24, 2015

modosc commented Aug 25, 2015

Aws::KMS::Client#encrypt logs plaintext: param #908

Aws::KMS::Client#encrypt logs plaintext: param #908

Comments

modosc commented Aug 21, 2015

trevorrowe commented Aug 24, 2015

trevorrowe commented Aug 24, 2015

modosc commented Aug 25, 2015