Do not log secret
pstoll opened this issue · comments
In both decrypt.js and encrypt.js, the secret text is sent to the logger facility. Is this really necessary? It seems to reduce the security of the secrets - let the caller decide if they want to log this info. I'd suggest you ought to not log the decrypted secret in those two cases.
Yes, i agree this its valid point, can we have not show the secret text in logger? please check this once?