lyft / clutch

Description
In the audit DB, we save the request and response of an API call as metadata. We currently have the ability to redact the entire request and response field values from being saved in the audit db if it contains sensitive data.

Example

clutch/api/authn/v1/authn.proto

Lines 26 to 30 in 83c47c8

    
           message LoginRequest { 
        
             option (clutch.api.v1.redacted) = true; 
        
             string redirect_url = 1; 
        
           }

However, it would be great to be able to specify which specific fields should be redacted so that the non-sensitive values can be preserved in the audit db. An example use case of this raised in #1201.

Complexity [S/M/L]: S

	message LoginRequest {
	option (clutch.api.v1.redacted) = true;

	string redirect_url = 1;
	}

audit: provide the ability to redact specific fields from being saved in the audit db