-
Notifications
You must be signed in to change notification settings - Fork 725
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
log: requesting log desensitization #2852
Comments
LGTM. In addition to the key, what else do we need to hide, such as topology? |
Can we log sha1 instead? At least we can know if the key is changed. |
@disksing It's ok to me. And from pingcap/tidb#19409, I found that tidb directly replace the key by '?'. Maybe we should unify the action. |
IMO, |
I think use hash instead of |
After discussion with tikv/tidb group, currently we will omit the region key information if log-redact is enabled. |
Development Task
To reinforce the security in the PD, one thing we need to do is to do the log desensitization.
Here are some examples we need to hide from the logs in my view:
We will add a new configuration like "enable-log-desensitization"(default false). If this configuration is enabled, the sensitive information won't appear on the previous log.
The text was updated successfully, but these errors were encountered: