ardanlabs / service

Starter-kit for writing services in Go using Kubernetes.

Home Page: https://www.ardanlabs.com


Support query values masking

mwitteveen opened this issue

Hello!

First of all, absolute fan of your courses!

I have a suggestion to support masking query values from logging when using the database package. At this moment (I might not have figured it out), I cannot mask values in logs when executing queries, resulting in password hashes being present in my logs.

Here is an easy way to change the pgx.go file to support masking.

```go
func NamedExecContext(
	ctx context.Context,
	log *zap.SugaredLogger,
	db sqlx.ExtContext,
	query string,
	data any,
	mask bool,
) error {
	q := queryString(query, data)

	qlog := q
	if mask {
		qlog = query
		qlog = strings.ReplaceAll(qlog, "\t", "")
		qlog = strings.ReplaceAll(qlog, "\n", " ")
	}

	if _, ok := data.(struct{}); ok {
		log.WithOptions(zap.AddCallerSkip(3)).Infow("database.NamedExecContext", "trace_id", web.GetTraceID(ctx), "query", qlog)
	} else {
		log.WithOptions(zap.AddCallerSkip(2)).Infow("database.NamedExecContext", "trace_id", web.GetTraceID(ctx), "query", qlog)
	}

	// ... rest of code
}
```

This parameter would need to be added to the other pgx methods but would maintain the logging of the query. It just would not log the parsed query but the raw one. Almost the same debugging power, only no security risks.

Let me know if I missed something here.

I would argue that it's better not to log the query if there are fields that should not be shown. If I was going to do this, I would define a field tag the queryString function could use to perform the mask.

@mwitteveen I would like to close this. Did you understand my thoughts on using tags?

Yes, thank you for your input. I wanted to try to make it before reacting but didn’t find the time yet.
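
A sketch of the field-tag approach suggested in the reply above, added here as an example; it is not code from the ardanlabs/service repository. The `mask` struct tag, the `User` type and `maskedQueryString` are hypothetical names, and the function only builds the string for the log line, not the statement sent to the database.

```go
package main

import (
	"fmt"
	"reflect"
	"regexp"
	"strings"
)

// User is constructed sample data; the `mask` tag is hypothetical, not sqlx's.
type User struct {
	Email        string `db:"email"`
	PasswordHash string `db:"password_hash" mask:"true"`
	Attempts     int    `db:"attempts"`
}

var namedParam = regexp.MustCompile(`:[A-Za-z_][A-Za-z0-9_]*`)

// maskedQueryString renders a named query for logging only; fields tagged
// mask:"true" never have their value read, they become a fixed marker.
func maskedQueryString(query string, data any) string {
	vals := map[string]string{}
	v := reflect.Indirect(reflect.ValueOf(data))
	for i := 0; v.Kind() == reflect.Struct && i < v.NumField(); i++ {
		f := v.Type().Field(i)
		name, ok := f.Tag.Lookup("db")
		switch {
		case !ok || !f.IsExported():
			continue
		case f.Tag.Get("mask") == "true":
			vals[name] = "'***'"
		case f.Type.Kind() == reflect.String:
			vals[name] = "'" + v.Field(i).String() + "'"
		default:
			vals[name] = fmt.Sprint(v.Field(i).Interface())
		}
	}
	out := namedParam.ReplaceAllStringFunc(query, func(p string) string {
		if s, ok := vals[p[1:]]; ok {
			return s
		}
		return p // not a bound field (e.g. a ::text cast): leave as written
	})
	return strings.Join(strings.Fields(out), " ") // one line for the log
}

func main() {
	u := User{Email: "a@example.com", PasswordHash: "$2a$10$constructed", Attempts: 3}
	fmt.Println(maskedQueryString("UPDATE users SET password_hash = :password_hash\n\tWHERE email = :email", u))
}
```

Matching whole placeholder names with a regular expression avoids corrupting the log when one parameter name is a prefix of another, such as `:email` and `:email_verified`.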